// Copyright 2025 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
// Code generated by sidekick. DO NOT EDIT.

#![allow(rustdoc::redundant_explicit_links)]
#![allow(rustdoc::broken_intra_doc_links)]
#![no_implicit_prelude]
extern crate async_trait;
extern crate bytes;
extern crate gax;
extern crate gaxi;
extern crate iam_v1;
extern crate lazy_static;
extern crate location;
extern crate longrunning;
extern crate lro;
extern crate reqwest;
extern crate serde;
extern crate serde_json;
extern crate serde_with;
extern crate std;
extern crate tracing;
extern crate wkt;

mod debug;
mod deserialize;
mod serialize;

/// Request message for
/// [Autokey.CreateKeyHandle][google.cloud.kms.v1.Autokey.CreateKeyHandle].
///
/// [google.cloud.kms.v1.Autokey.CreateKeyHandle]: crate::client::Autokey::create_key_handle
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct CreateKeyHandleRequest {
    /// Required. Name of the resource project and location to create the
    /// [KeyHandle][google.cloud.kms.v1.KeyHandle] in, e.g.
    /// `projects/{PROJECT_ID}/locations/{LOCATION}`.
    ///
    /// [google.cloud.kms.v1.KeyHandle]: crate::model::KeyHandle
    pub parent: std::string::String,

    /// Optional. Id of the [KeyHandle][google.cloud.kms.v1.KeyHandle]. Must be
    /// unique to the resource project and location. If not provided by the caller,
    /// a new UUID is used.
    ///
    /// [google.cloud.kms.v1.KeyHandle]: crate::model::KeyHandle
    pub key_handle_id: std::string::String,

    /// Required. [KeyHandle][google.cloud.kms.v1.KeyHandle] to create.
    ///
    /// [google.cloud.kms.v1.KeyHandle]: crate::model::KeyHandle
    pub key_handle: std::option::Option<crate::model::KeyHandle>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl CreateKeyHandleRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [parent][crate::model::CreateKeyHandleRequest::parent].
    pub fn set_parent<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.parent = v.into();
        self
    }

    /// Sets the value of [key_handle_id][crate::model::CreateKeyHandleRequest::key_handle_id].
    pub fn set_key_handle_id<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.key_handle_id = v.into();
        self
    }

    /// Sets the value of [key_handle][crate::model::CreateKeyHandleRequest::key_handle].
    pub fn set_key_handle<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::KeyHandle>,
    {
        self.key_handle = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [key_handle][crate::model::CreateKeyHandleRequest::key_handle].
    pub fn set_or_clear_key_handle<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::KeyHandle>,
    {
        self.key_handle = v.map(|x| x.into());
        self
    }
}

impl wkt::message::Message for CreateKeyHandleRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.CreateKeyHandleRequest"
    }
}

/// Request message for [GetKeyHandle][google.cloud.kms.v1.Autokey.GetKeyHandle].
///
/// [google.cloud.kms.v1.Autokey.GetKeyHandle]: crate::client::Autokey::get_key_handle
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct GetKeyHandleRequest {
    /// Required. Name of the [KeyHandle][google.cloud.kms.v1.KeyHandle] resource,
    /// e.g.
    /// `projects/{PROJECT_ID}/locations/{LOCATION}/keyHandles/{KEY_HANDLE_ID}`.
    ///
    /// [google.cloud.kms.v1.KeyHandle]: crate::model::KeyHandle
    pub name: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl GetKeyHandleRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::GetKeyHandleRequest::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }
}

impl wkt::message::Message for GetKeyHandleRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.GetKeyHandleRequest"
    }
}

/// Resource-oriented representation of a request to Cloud KMS Autokey and the
/// resulting provisioning of a [CryptoKey][google.cloud.kms.v1.CryptoKey].
///
/// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct KeyHandle {
    /// Identifier. Name of the [KeyHandle][google.cloud.kms.v1.KeyHandle]
    /// resource, e.g.
    /// `projects/{PROJECT_ID}/locations/{LOCATION}/keyHandles/{KEY_HANDLE_ID}`.
    ///
    /// [google.cloud.kms.v1.KeyHandle]: crate::model::KeyHandle
    pub name: std::string::String,

    /// Output only. Name of a [CryptoKey][google.cloud.kms.v1.CryptoKey] that has
    /// been provisioned for Customer Managed Encryption Key (CMEK) use in the
    /// [KeyHandle][google.cloud.kms.v1.KeyHandle] project and location for the
    /// requested resource type. The [CryptoKey][google.cloud.kms.v1.CryptoKey]
    /// project will reflect the value configured in the
    /// [AutokeyConfig][google.cloud.kms.v1.AutokeyConfig] on the resource
    /// project's ancestor folder at the time of the
    /// [KeyHandle][google.cloud.kms.v1.KeyHandle] creation. If more than one
    /// ancestor folder has a configured
    /// [AutokeyConfig][google.cloud.kms.v1.AutokeyConfig], the nearest of these
    /// configurations is used.
    ///
    /// [google.cloud.kms.v1.AutokeyConfig]: crate::model::AutokeyConfig
    /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
    /// [google.cloud.kms.v1.KeyHandle]: crate::model::KeyHandle
    pub kms_key: std::string::String,

    /// Required. Indicates the resource type that the resulting
    /// [CryptoKey][google.cloud.kms.v1.CryptoKey] is meant to protect, e.g.
    /// `{SERVICE}.googleapis.com/{TYPE}`. See documentation for supported resource
    /// types.
    ///
    /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
    pub resource_type_selector: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl KeyHandle {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::KeyHandle::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }

    /// Sets the value of [kms_key][crate::model::KeyHandle::kms_key].
    pub fn set_kms_key<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.kms_key = v.into();
        self
    }

    /// Sets the value of [resource_type_selector][crate::model::KeyHandle::resource_type_selector].
    pub fn set_resource_type_selector<T: std::convert::Into<std::string::String>>(
        mut self,
        v: T,
    ) -> Self {
        self.resource_type_selector = v.into();
        self
    }
}

impl wkt::message::Message for KeyHandle {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.KeyHandle"
    }
}

/// Metadata message for
/// [CreateKeyHandle][google.cloud.kms.v1.Autokey.CreateKeyHandle] long-running
/// operation response.
///
/// [google.cloud.kms.v1.Autokey.CreateKeyHandle]: crate::client::Autokey::create_key_handle
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct CreateKeyHandleMetadata {
    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl CreateKeyHandleMetadata {
    pub fn new() -> Self {
        std::default::Default::default()
    }
}

impl wkt::message::Message for CreateKeyHandleMetadata {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.CreateKeyHandleMetadata"
    }
}

/// Request message for
/// [Autokey.ListKeyHandles][google.cloud.kms.v1.Autokey.ListKeyHandles].
///
/// [google.cloud.kms.v1.Autokey.ListKeyHandles]: crate::client::Autokey::list_key_handles
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct ListKeyHandlesRequest {
    /// Required. Name of the resource project and location from which to list
    /// [KeyHandles][google.cloud.kms.v1.KeyHandle], e.g.
    /// `projects/{PROJECT_ID}/locations/{LOCATION}`.
    ///
    /// [google.cloud.kms.v1.KeyHandle]: crate::model::KeyHandle
    pub parent: std::string::String,

    /// Optional. Optional limit on the number of
    /// [KeyHandles][google.cloud.kms.v1.KeyHandle] to include in the response. The
    /// service may return fewer than this value. Further
    /// [KeyHandles][google.cloud.kms.v1.KeyHandle] can subsequently be obtained by
    /// including the
    /// [ListKeyHandlesResponse.next_page_token][google.cloud.kms.v1.ListKeyHandlesResponse.next_page_token]
    /// in a subsequent request.  If unspecified, at most 100
    /// [KeyHandles][google.cloud.kms.v1.KeyHandle] will be returned.
    ///
    /// [google.cloud.kms.v1.KeyHandle]: crate::model::KeyHandle
    /// [google.cloud.kms.v1.ListKeyHandlesResponse.next_page_token]: crate::model::ListKeyHandlesResponse::next_page_token
    pub page_size: i32,

    /// Optional. Optional pagination token, returned earlier via
    /// [ListKeyHandlesResponse.next_page_token][google.cloud.kms.v1.ListKeyHandlesResponse.next_page_token].
    ///
    /// [google.cloud.kms.v1.ListKeyHandlesResponse.next_page_token]: crate::model::ListKeyHandlesResponse::next_page_token
    pub page_token: std::string::String,

    /// Optional. Filter to apply when listing
    /// [KeyHandles][google.cloud.kms.v1.KeyHandle], e.g.
    /// `resource_type_selector="{SERVICE}.googleapis.com/{TYPE}"`.
    ///
    /// [google.cloud.kms.v1.KeyHandle]: crate::model::KeyHandle
    pub filter: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl ListKeyHandlesRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [parent][crate::model::ListKeyHandlesRequest::parent].
    pub fn set_parent<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.parent = v.into();
        self
    }

    /// Sets the value of [page_size][crate::model::ListKeyHandlesRequest::page_size].
    pub fn set_page_size<T: std::convert::Into<i32>>(mut self, v: T) -> Self {
        self.page_size = v.into();
        self
    }

    /// Sets the value of [page_token][crate::model::ListKeyHandlesRequest::page_token].
    pub fn set_page_token<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.page_token = v.into();
        self
    }

    /// Sets the value of [filter][crate::model::ListKeyHandlesRequest::filter].
    pub fn set_filter<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.filter = v.into();
        self
    }
}

impl wkt::message::Message for ListKeyHandlesRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.ListKeyHandlesRequest"
    }
}

/// Response message for
/// [Autokey.ListKeyHandles][google.cloud.kms.v1.Autokey.ListKeyHandles].
///
/// [google.cloud.kms.v1.Autokey.ListKeyHandles]: crate::client::Autokey::list_key_handles
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct ListKeyHandlesResponse {
    /// Resulting [KeyHandles][google.cloud.kms.v1.KeyHandle].
    ///
    /// [google.cloud.kms.v1.KeyHandle]: crate::model::KeyHandle
    pub key_handles: std::vec::Vec<crate::model::KeyHandle>,

    /// A token to retrieve next page of results. Pass this value in
    /// [ListKeyHandlesRequest.page_token][google.cloud.kms.v1.ListKeyHandlesRequest.page_token]
    /// to retrieve the next page of results.
    ///
    /// [google.cloud.kms.v1.ListKeyHandlesRequest.page_token]: crate::model::ListKeyHandlesRequest::page_token
    pub next_page_token: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl ListKeyHandlesResponse {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [key_handles][crate::model::ListKeyHandlesResponse::key_handles].
    pub fn set_key_handles<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<crate::model::KeyHandle>,
    {
        use std::iter::Iterator;
        self.key_handles = v.into_iter().map(|i| i.into()).collect();
        self
    }

    /// Sets the value of [next_page_token][crate::model::ListKeyHandlesResponse::next_page_token].
    pub fn set_next_page_token<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.next_page_token = v.into();
        self
    }
}

impl wkt::message::Message for ListKeyHandlesResponse {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.ListKeyHandlesResponse"
    }
}

#[doc(hidden)]
impl gax::paginator::internal::PageableResponse for ListKeyHandlesResponse {
    type PageItem = crate::model::KeyHandle;

    fn items(self) -> std::vec::Vec<Self::PageItem> {
        self.key_handles
    }

    fn next_page_token(&self) -> std::string::String {
        use std::clone::Clone;
        self.next_page_token.clone()
    }
}

/// Request message for
/// [UpdateAutokeyConfig][google.cloud.kms.v1.AutokeyAdmin.UpdateAutokeyConfig].
///
/// [google.cloud.kms.v1.AutokeyAdmin.UpdateAutokeyConfig]: crate::client::AutokeyAdmin::update_autokey_config
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct UpdateAutokeyConfigRequest {
    /// Required. [AutokeyConfig][google.cloud.kms.v1.AutokeyConfig] with values to
    /// update.
    ///
    /// [google.cloud.kms.v1.AutokeyConfig]: crate::model::AutokeyConfig
    pub autokey_config: std::option::Option<crate::model::AutokeyConfig>,

    /// Required. Masks which fields of the
    /// [AutokeyConfig][google.cloud.kms.v1.AutokeyConfig] to update, e.g.
    /// `keyProject`.
    ///
    /// [google.cloud.kms.v1.AutokeyConfig]: crate::model::AutokeyConfig
    pub update_mask: std::option::Option<wkt::FieldMask>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl UpdateAutokeyConfigRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [autokey_config][crate::model::UpdateAutokeyConfigRequest::autokey_config].
    pub fn set_autokey_config<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::AutokeyConfig>,
    {
        self.autokey_config = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [autokey_config][crate::model::UpdateAutokeyConfigRequest::autokey_config].
    pub fn set_or_clear_autokey_config<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::AutokeyConfig>,
    {
        self.autokey_config = v.map(|x| x.into());
        self
    }

    /// Sets the value of [update_mask][crate::model::UpdateAutokeyConfigRequest::update_mask].
    pub fn set_update_mask<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::FieldMask>,
    {
        self.update_mask = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [update_mask][crate::model::UpdateAutokeyConfigRequest::update_mask].
    pub fn set_or_clear_update_mask<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::FieldMask>,
    {
        self.update_mask = v.map(|x| x.into());
        self
    }
}

impl wkt::message::Message for UpdateAutokeyConfigRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.UpdateAutokeyConfigRequest"
    }
}

/// Request message for
/// [GetAutokeyConfig][google.cloud.kms.v1.AutokeyAdmin.GetAutokeyConfig].
///
/// [google.cloud.kms.v1.AutokeyAdmin.GetAutokeyConfig]: crate::client::AutokeyAdmin::get_autokey_config
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct GetAutokeyConfigRequest {
    /// Required. Name of the [AutokeyConfig][google.cloud.kms.v1.AutokeyConfig]
    /// resource, e.g. `folders/{FOLDER_NUMBER}/autokeyConfig`.
    ///
    /// [google.cloud.kms.v1.AutokeyConfig]: crate::model::AutokeyConfig
    pub name: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl GetAutokeyConfigRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::GetAutokeyConfigRequest::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }
}

impl wkt::message::Message for GetAutokeyConfigRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.GetAutokeyConfigRequest"
    }
}

/// Cloud KMS Autokey configuration for a folder.
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct AutokeyConfig {
    /// Identifier. Name of the [AutokeyConfig][google.cloud.kms.v1.AutokeyConfig]
    /// resource, e.g. `folders/{FOLDER_NUMBER}/autokeyConfig`.
    ///
    /// [google.cloud.kms.v1.AutokeyConfig]: crate::model::AutokeyConfig
    pub name: std::string::String,

    /// Optional. Name of the key project, e.g. `projects/{PROJECT_ID}` or
    /// `projects/{PROJECT_NUMBER}`, where Cloud KMS Autokey will provision a new
    /// [CryptoKey][google.cloud.kms.v1.CryptoKey] when a
    /// [KeyHandle][google.cloud.kms.v1.KeyHandle] is created. On
    /// [UpdateAutokeyConfig][google.cloud.kms.v1.AutokeyAdmin.UpdateAutokeyConfig],
    /// the caller will require `cloudkms.cryptoKeys.setIamPolicy` permission on
    /// this key project. Once configured, for Cloud KMS Autokey to function
    /// properly, this key project must have the Cloud KMS API activated and the
    /// Cloud KMS Service Agent for this key project must be granted the
    /// `cloudkms.admin` role (or pertinent permissions). A request with an empty
    /// key project field will clear the configuration.
    ///
    /// [google.cloud.kms.v1.AutokeyAdmin.UpdateAutokeyConfig]: crate::client::AutokeyAdmin::update_autokey_config
    /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
    /// [google.cloud.kms.v1.KeyHandle]: crate::model::KeyHandle
    pub key_project: std::string::String,

    /// Output only. The state for the AutokeyConfig.
    pub state: crate::model::autokey_config::State,

    /// Optional. A checksum computed by the server based on the value of other
    /// fields. This may be sent on update requests to ensure that the client has
    /// an up-to-date value before proceeding. The request will be rejected with an
    /// ABORTED error on a mismatched etag.
    pub etag: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl AutokeyConfig {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::AutokeyConfig::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }

    /// Sets the value of [key_project][crate::model::AutokeyConfig::key_project].
    pub fn set_key_project<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.key_project = v.into();
        self
    }

    /// Sets the value of [state][crate::model::AutokeyConfig::state].
    pub fn set_state<T: std::convert::Into<crate::model::autokey_config::State>>(
        mut self,
        v: T,
    ) -> Self {
        self.state = v.into();
        self
    }

    /// Sets the value of [etag][crate::model::AutokeyConfig::etag].
    pub fn set_etag<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.etag = v.into();
        self
    }
}

impl wkt::message::Message for AutokeyConfig {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.AutokeyConfig"
    }
}

/// Defines additional types related to [AutokeyConfig].
pub mod autokey_config {
    #[allow(unused_imports)]
    use super::*;

    /// The states AutokeyConfig can be in.
    ///
    /// # Working with unknown values
    ///
    /// This enum is defined as `#[non_exhaustive]` because Google Cloud may add
    /// additional enum variants at any time. Adding new variants is not considered
    /// a breaking change. Applications should write their code in anticipation of:
    ///
    /// - New values appearing in future releases of the client library, **and**
    /// - New values received dynamically, without application changes.
    ///
    /// Please consult the [Working with enums] section in the user guide for some
    /// guidelines.
    ///
    /// [Working with enums]: https://google-cloud-rust.github.io/working_with_enums.html
    #[derive(Clone, Debug, PartialEq)]
    #[non_exhaustive]
    pub enum State {
        /// The state of the AutokeyConfig is unspecified.
        Unspecified,
        /// The AutokeyConfig is currently active.
        Active,
        /// A previously configured key project has been deleted and the current
        /// AutokeyConfig is unusable.
        KeyProjectDeleted,
        /// The AutokeyConfig is not yet initialized or has been reset to its default
        /// uninitialized state.
        Uninitialized,
        /// If set, the enum was initialized with an unknown value.
        ///
        /// Applications can examine the value using [State::value] or
        /// [State::name].
        UnknownValue(state::UnknownValue),
    }

    #[doc(hidden)]
    pub mod state {
        #[allow(unused_imports)]
        use super::*;
        #[derive(Clone, Debug, PartialEq)]
        pub struct UnknownValue(pub(crate) wkt::internal::UnknownEnumValue);
    }

    impl State {
        /// Gets the enum value.
        ///
        /// Returns `None` if the enum contains an unknown value deserialized from
        /// the string representation of enums.
        pub fn value(&self) -> std::option::Option<i32> {
            match self {
                Self::Unspecified => std::option::Option::Some(0),
                Self::Active => std::option::Option::Some(1),
                Self::KeyProjectDeleted => std::option::Option::Some(2),
                Self::Uninitialized => std::option::Option::Some(3),
                Self::UnknownValue(u) => u.0.value(),
            }
        }

        /// Gets the enum value as a string.
        ///
        /// Returns `None` if the enum contains an unknown value deserialized from
        /// the integer representation of enums.
        pub fn name(&self) -> std::option::Option<&str> {
            match self {
                Self::Unspecified => std::option::Option::Some("STATE_UNSPECIFIED"),
                Self::Active => std::option::Option::Some("ACTIVE"),
                Self::KeyProjectDeleted => std::option::Option::Some("KEY_PROJECT_DELETED"),
                Self::Uninitialized => std::option::Option::Some("UNINITIALIZED"),
                Self::UnknownValue(u) => u.0.name(),
            }
        }
    }

    impl std::default::Default for State {
        fn default() -> Self {
            use std::convert::From;
            Self::from(0)
        }
    }

    impl std::fmt::Display for State {
        fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::result::Result<(), std::fmt::Error> {
            wkt::internal::display_enum(f, self.name(), self.value())
        }
    }

    impl std::convert::From<i32> for State {
        fn from(value: i32) -> Self {
            match value {
                0 => Self::Unspecified,
                1 => Self::Active,
                2 => Self::KeyProjectDeleted,
                3 => Self::Uninitialized,
                _ => Self::UnknownValue(state::UnknownValue(
                    wkt::internal::UnknownEnumValue::Integer(value),
                )),
            }
        }
    }

    impl std::convert::From<&str> for State {
        fn from(value: &str) -> Self {
            use std::string::ToString;
            match value {
                "STATE_UNSPECIFIED" => Self::Unspecified,
                "ACTIVE" => Self::Active,
                "KEY_PROJECT_DELETED" => Self::KeyProjectDeleted,
                "UNINITIALIZED" => Self::Uninitialized,
                _ => Self::UnknownValue(state::UnknownValue(
                    wkt::internal::UnknownEnumValue::String(value.to_string()),
                )),
            }
        }
    }

    impl serde::ser::Serialize for State {
        fn serialize<S>(&self, serializer: S) -> std::result::Result<S::Ok, S::Error>
        where
            S: serde::Serializer,
        {
            match self {
                Self::Unspecified => serializer.serialize_i32(0),
                Self::Active => serializer.serialize_i32(1),
                Self::KeyProjectDeleted => serializer.serialize_i32(2),
                Self::Uninitialized => serializer.serialize_i32(3),
                Self::UnknownValue(u) => u.0.serialize(serializer),
            }
        }
    }

    impl<'de> serde::de::Deserialize<'de> for State {
        fn deserialize<D>(deserializer: D) -> std::result::Result<Self, D::Error>
        where
            D: serde::Deserializer<'de>,
        {
            deserializer.deserialize_any(wkt::internal::EnumVisitor::<State>::new(
                ".google.cloud.kms.v1.AutokeyConfig.State",
            ))
        }
    }
}

/// Request message for
/// [ShowEffectiveAutokeyConfig][google.cloud.kms.v1.AutokeyAdmin.ShowEffectiveAutokeyConfig].
///
/// [google.cloud.kms.v1.AutokeyAdmin.ShowEffectiveAutokeyConfig]: crate::client::AutokeyAdmin::show_effective_autokey_config
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct ShowEffectiveAutokeyConfigRequest {
    /// Required. Name of the resource project to the show effective Cloud KMS
    /// Autokey configuration for. This may be helpful for interrogating the effect
    /// of nested folder configurations on a given resource project.
    pub parent: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl ShowEffectiveAutokeyConfigRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [parent][crate::model::ShowEffectiveAutokeyConfigRequest::parent].
    pub fn set_parent<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.parent = v.into();
        self
    }
}

impl wkt::message::Message for ShowEffectiveAutokeyConfigRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.ShowEffectiveAutokeyConfigRequest"
    }
}

/// Response message for
/// [ShowEffectiveAutokeyConfig][google.cloud.kms.v1.AutokeyAdmin.ShowEffectiveAutokeyConfig].
///
/// [google.cloud.kms.v1.AutokeyAdmin.ShowEffectiveAutokeyConfig]: crate::client::AutokeyAdmin::show_effective_autokey_config
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct ShowEffectiveAutokeyConfigResponse {
    /// Name of the key project configured in the resource project's folder
    /// ancestry.
    pub key_project: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl ShowEffectiveAutokeyConfigResponse {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [key_project][crate::model::ShowEffectiveAutokeyConfigResponse::key_project].
    pub fn set_key_project<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.key_project = v.into();
        self
    }
}

impl wkt::message::Message for ShowEffectiveAutokeyConfigResponse {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.ShowEffectiveAutokeyConfigResponse"
    }
}

/// Request message for
/// [EkmService.ListEkmConnections][google.cloud.kms.v1.EkmService.ListEkmConnections].
///
/// [google.cloud.kms.v1.EkmService.ListEkmConnections]: crate::client::EkmService::list_ekm_connections
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct ListEkmConnectionsRequest {
    /// Required. The resource name of the location associated with the
    /// [EkmConnections][google.cloud.kms.v1.EkmConnection] to list, in the format
    /// `projects/*/locations/*`.
    ///
    /// [google.cloud.kms.v1.EkmConnection]: crate::model::EkmConnection
    pub parent: std::string::String,

    /// Optional. Optional limit on the number of
    /// [EkmConnections][google.cloud.kms.v1.EkmConnection] to include in the
    /// response. Further [EkmConnections][google.cloud.kms.v1.EkmConnection] can
    /// subsequently be obtained by including the
    /// [ListEkmConnectionsResponse.next_page_token][google.cloud.kms.v1.ListEkmConnectionsResponse.next_page_token]
    /// in a subsequent request. If unspecified, the server will pick an
    /// appropriate default.
    ///
    /// [google.cloud.kms.v1.EkmConnection]: crate::model::EkmConnection
    /// [google.cloud.kms.v1.ListEkmConnectionsResponse.next_page_token]: crate::model::ListEkmConnectionsResponse::next_page_token
    pub page_size: i32,

    /// Optional. Optional pagination token, returned earlier via
    /// [ListEkmConnectionsResponse.next_page_token][google.cloud.kms.v1.ListEkmConnectionsResponse.next_page_token].
    ///
    /// [google.cloud.kms.v1.ListEkmConnectionsResponse.next_page_token]: crate::model::ListEkmConnectionsResponse::next_page_token
    pub page_token: std::string::String,

    /// Optional. Only include resources that match the filter in the response. For
    /// more information, see
    /// [Sorting and filtering list
    /// results](https://cloud.google.com/kms/docs/sorting-and-filtering).
    pub filter: std::string::String,

    /// Optional. Specify how the results should be sorted. If not specified, the
    /// results will be sorted in the default order.  For more information, see
    /// [Sorting and filtering list
    /// results](https://cloud.google.com/kms/docs/sorting-and-filtering).
    pub order_by: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl ListEkmConnectionsRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [parent][crate::model::ListEkmConnectionsRequest::parent].
    pub fn set_parent<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.parent = v.into();
        self
    }

    /// Sets the value of [page_size][crate::model::ListEkmConnectionsRequest::page_size].
    pub fn set_page_size<T: std::convert::Into<i32>>(mut self, v: T) -> Self {
        self.page_size = v.into();
        self
    }

    /// Sets the value of [page_token][crate::model::ListEkmConnectionsRequest::page_token].
    pub fn set_page_token<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.page_token = v.into();
        self
    }

    /// Sets the value of [filter][crate::model::ListEkmConnectionsRequest::filter].
    pub fn set_filter<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.filter = v.into();
        self
    }

    /// Sets the value of [order_by][crate::model::ListEkmConnectionsRequest::order_by].
    pub fn set_order_by<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.order_by = v.into();
        self
    }
}

impl wkt::message::Message for ListEkmConnectionsRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.ListEkmConnectionsRequest"
    }
}

/// Response message for
/// [EkmService.ListEkmConnections][google.cloud.kms.v1.EkmService.ListEkmConnections].
///
/// [google.cloud.kms.v1.EkmService.ListEkmConnections]: crate::client::EkmService::list_ekm_connections
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct ListEkmConnectionsResponse {
    /// The list of [EkmConnections][google.cloud.kms.v1.EkmConnection].
    ///
    /// [google.cloud.kms.v1.EkmConnection]: crate::model::EkmConnection
    pub ekm_connections: std::vec::Vec<crate::model::EkmConnection>,

    /// A token to retrieve next page of results. Pass this value in
    /// [ListEkmConnectionsRequest.page_token][google.cloud.kms.v1.ListEkmConnectionsRequest.page_token]
    /// to retrieve the next page of results.
    ///
    /// [google.cloud.kms.v1.ListEkmConnectionsRequest.page_token]: crate::model::ListEkmConnectionsRequest::page_token
    pub next_page_token: std::string::String,

    /// The total number of [EkmConnections][google.cloud.kms.v1.EkmConnection]
    /// that matched the query.
    ///
    /// This field is not populated if
    /// [ListEkmConnectionsRequest.filter][google.cloud.kms.v1.ListEkmConnectionsRequest.filter]
    /// is applied.
    ///
    /// [google.cloud.kms.v1.EkmConnection]: crate::model::EkmConnection
    /// [google.cloud.kms.v1.ListEkmConnectionsRequest.filter]: crate::model::ListEkmConnectionsRequest::filter
    pub total_size: i32,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl ListEkmConnectionsResponse {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [ekm_connections][crate::model::ListEkmConnectionsResponse::ekm_connections].
    pub fn set_ekm_connections<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<crate::model::EkmConnection>,
    {
        use std::iter::Iterator;
        self.ekm_connections = v.into_iter().map(|i| i.into()).collect();
        self
    }

    /// Sets the value of [next_page_token][crate::model::ListEkmConnectionsResponse::next_page_token].
    pub fn set_next_page_token<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.next_page_token = v.into();
        self
    }

    /// Sets the value of [total_size][crate::model::ListEkmConnectionsResponse::total_size].
    pub fn set_total_size<T: std::convert::Into<i32>>(mut self, v: T) -> Self {
        self.total_size = v.into();
        self
    }
}

impl wkt::message::Message for ListEkmConnectionsResponse {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.ListEkmConnectionsResponse"
    }
}

#[doc(hidden)]
impl gax::paginator::internal::PageableResponse for ListEkmConnectionsResponse {
    type PageItem = crate::model::EkmConnection;

    fn items(self) -> std::vec::Vec<Self::PageItem> {
        self.ekm_connections
    }

    fn next_page_token(&self) -> std::string::String {
        use std::clone::Clone;
        self.next_page_token.clone()
    }
}

/// Request message for
/// [EkmService.GetEkmConnection][google.cloud.kms.v1.EkmService.GetEkmConnection].
///
/// [google.cloud.kms.v1.EkmService.GetEkmConnection]: crate::client::EkmService::get_ekm_connection
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct GetEkmConnectionRequest {
    /// Required. The [name][google.cloud.kms.v1.EkmConnection.name] of the
    /// [EkmConnection][google.cloud.kms.v1.EkmConnection] to get.
    ///
    /// [google.cloud.kms.v1.EkmConnection]: crate::model::EkmConnection
    /// [google.cloud.kms.v1.EkmConnection.name]: crate::model::EkmConnection::name
    pub name: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl GetEkmConnectionRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::GetEkmConnectionRequest::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }
}

impl wkt::message::Message for GetEkmConnectionRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.GetEkmConnectionRequest"
    }
}

/// Request message for
/// [EkmService.CreateEkmConnection][google.cloud.kms.v1.EkmService.CreateEkmConnection].
///
/// [google.cloud.kms.v1.EkmService.CreateEkmConnection]: crate::client::EkmService::create_ekm_connection
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct CreateEkmConnectionRequest {
    /// Required. The resource name of the location associated with the
    /// [EkmConnection][google.cloud.kms.v1.EkmConnection], in the format
    /// `projects/*/locations/*`.
    ///
    /// [google.cloud.kms.v1.EkmConnection]: crate::model::EkmConnection
    pub parent: std::string::String,

    /// Required. It must be unique within a location and match the regular
    /// expression `[a-zA-Z0-9_-]{1,63}`.
    pub ekm_connection_id: std::string::String,

    /// Required. An [EkmConnection][google.cloud.kms.v1.EkmConnection] with
    /// initial field values.
    ///
    /// [google.cloud.kms.v1.EkmConnection]: crate::model::EkmConnection
    pub ekm_connection: std::option::Option<crate::model::EkmConnection>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl CreateEkmConnectionRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [parent][crate::model::CreateEkmConnectionRequest::parent].
    pub fn set_parent<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.parent = v.into();
        self
    }

    /// Sets the value of [ekm_connection_id][crate::model::CreateEkmConnectionRequest::ekm_connection_id].
    pub fn set_ekm_connection_id<T: std::convert::Into<std::string::String>>(
        mut self,
        v: T,
    ) -> Self {
        self.ekm_connection_id = v.into();
        self
    }

    /// Sets the value of [ekm_connection][crate::model::CreateEkmConnectionRequest::ekm_connection].
    pub fn set_ekm_connection<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::EkmConnection>,
    {
        self.ekm_connection = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [ekm_connection][crate::model::CreateEkmConnectionRequest::ekm_connection].
    pub fn set_or_clear_ekm_connection<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::EkmConnection>,
    {
        self.ekm_connection = v.map(|x| x.into());
        self
    }
}

impl wkt::message::Message for CreateEkmConnectionRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.CreateEkmConnectionRequest"
    }
}

/// Request message for
/// [EkmService.UpdateEkmConnection][google.cloud.kms.v1.EkmService.UpdateEkmConnection].
///
/// [google.cloud.kms.v1.EkmService.UpdateEkmConnection]: crate::client::EkmService::update_ekm_connection
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct UpdateEkmConnectionRequest {
    /// Required. [EkmConnection][google.cloud.kms.v1.EkmConnection] with updated
    /// values.
    ///
    /// [google.cloud.kms.v1.EkmConnection]: crate::model::EkmConnection
    pub ekm_connection: std::option::Option<crate::model::EkmConnection>,

    /// Required. List of fields to be updated in this request.
    pub update_mask: std::option::Option<wkt::FieldMask>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl UpdateEkmConnectionRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [ekm_connection][crate::model::UpdateEkmConnectionRequest::ekm_connection].
    pub fn set_ekm_connection<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::EkmConnection>,
    {
        self.ekm_connection = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [ekm_connection][crate::model::UpdateEkmConnectionRequest::ekm_connection].
    pub fn set_or_clear_ekm_connection<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::EkmConnection>,
    {
        self.ekm_connection = v.map(|x| x.into());
        self
    }

    /// Sets the value of [update_mask][crate::model::UpdateEkmConnectionRequest::update_mask].
    pub fn set_update_mask<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::FieldMask>,
    {
        self.update_mask = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [update_mask][crate::model::UpdateEkmConnectionRequest::update_mask].
    pub fn set_or_clear_update_mask<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::FieldMask>,
    {
        self.update_mask = v.map(|x| x.into());
        self
    }
}

impl wkt::message::Message for UpdateEkmConnectionRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.UpdateEkmConnectionRequest"
    }
}

/// Request message for
/// [EkmService.GetEkmConfig][google.cloud.kms.v1.EkmService.GetEkmConfig].
///
/// [google.cloud.kms.v1.EkmService.GetEkmConfig]: crate::client::EkmService::get_ekm_config
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct GetEkmConfigRequest {
    /// Required. The [name][google.cloud.kms.v1.EkmConfig.name] of the
    /// [EkmConfig][google.cloud.kms.v1.EkmConfig] to get.
    ///
    /// [google.cloud.kms.v1.EkmConfig]: crate::model::EkmConfig
    /// [google.cloud.kms.v1.EkmConfig.name]: crate::model::EkmConfig::name
    pub name: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl GetEkmConfigRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::GetEkmConfigRequest::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }
}

impl wkt::message::Message for GetEkmConfigRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.GetEkmConfigRequest"
    }
}

/// Request message for
/// [EkmService.UpdateEkmConfig][google.cloud.kms.v1.EkmService.UpdateEkmConfig].
///
/// [google.cloud.kms.v1.EkmService.UpdateEkmConfig]: crate::client::EkmService::update_ekm_config
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct UpdateEkmConfigRequest {
    /// Required. [EkmConfig][google.cloud.kms.v1.EkmConfig] with updated values.
    ///
    /// [google.cloud.kms.v1.EkmConfig]: crate::model::EkmConfig
    pub ekm_config: std::option::Option<crate::model::EkmConfig>,

    /// Required. List of fields to be updated in this request.
    pub update_mask: std::option::Option<wkt::FieldMask>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl UpdateEkmConfigRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [ekm_config][crate::model::UpdateEkmConfigRequest::ekm_config].
    pub fn set_ekm_config<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::EkmConfig>,
    {
        self.ekm_config = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [ekm_config][crate::model::UpdateEkmConfigRequest::ekm_config].
    pub fn set_or_clear_ekm_config<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::EkmConfig>,
    {
        self.ekm_config = v.map(|x| x.into());
        self
    }

    /// Sets the value of [update_mask][crate::model::UpdateEkmConfigRequest::update_mask].
    pub fn set_update_mask<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::FieldMask>,
    {
        self.update_mask = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [update_mask][crate::model::UpdateEkmConfigRequest::update_mask].
    pub fn set_or_clear_update_mask<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::FieldMask>,
    {
        self.update_mask = v.map(|x| x.into());
        self
    }
}

impl wkt::message::Message for UpdateEkmConfigRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.UpdateEkmConfigRequest"
    }
}

/// A [Certificate][google.cloud.kms.v1.Certificate] represents an X.509
/// certificate used to authenticate HTTPS connections to EKM replicas.
///
/// [google.cloud.kms.v1.Certificate]: crate::model::Certificate
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct Certificate {
    /// Required. The raw certificate bytes in DER format.
    pub raw_der: ::bytes::Bytes,

    /// Output only. True if the certificate was parsed successfully.
    pub parsed: bool,

    /// Output only. The issuer distinguished name in RFC 2253 format. Only present
    /// if [parsed][google.cloud.kms.v1.Certificate.parsed] is true.
    ///
    /// [google.cloud.kms.v1.Certificate.parsed]: crate::model::Certificate::parsed
    pub issuer: std::string::String,

    /// Output only. The subject distinguished name in RFC 2253 format. Only
    /// present if [parsed][google.cloud.kms.v1.Certificate.parsed] is true.
    ///
    /// [google.cloud.kms.v1.Certificate.parsed]: crate::model::Certificate::parsed
    pub subject: std::string::String,

    /// Output only. The subject Alternative DNS names. Only present if
    /// [parsed][google.cloud.kms.v1.Certificate.parsed] is true.
    ///
    /// [google.cloud.kms.v1.Certificate.parsed]: crate::model::Certificate::parsed
    pub subject_alternative_dns_names: std::vec::Vec<std::string::String>,

    /// Output only. The certificate is not valid before this time. Only present if
    /// [parsed][google.cloud.kms.v1.Certificate.parsed] is true.
    ///
    /// [google.cloud.kms.v1.Certificate.parsed]: crate::model::Certificate::parsed
    pub not_before_time: std::option::Option<wkt::Timestamp>,

    /// Output only. The certificate is not valid after this time. Only present if
    /// [parsed][google.cloud.kms.v1.Certificate.parsed] is true.
    ///
    /// [google.cloud.kms.v1.Certificate.parsed]: crate::model::Certificate::parsed
    pub not_after_time: std::option::Option<wkt::Timestamp>,

    /// Output only. The certificate serial number as a hex string. Only present if
    /// [parsed][google.cloud.kms.v1.Certificate.parsed] is true.
    ///
    /// [google.cloud.kms.v1.Certificate.parsed]: crate::model::Certificate::parsed
    pub serial_number: std::string::String,

    /// Output only. The SHA-256 certificate fingerprint as a hex string. Only
    /// present if [parsed][google.cloud.kms.v1.Certificate.parsed] is true.
    ///
    /// [google.cloud.kms.v1.Certificate.parsed]: crate::model::Certificate::parsed
    pub sha256_fingerprint: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl Certificate {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [raw_der][crate::model::Certificate::raw_der].
    pub fn set_raw_der<T: std::convert::Into<::bytes::Bytes>>(mut self, v: T) -> Self {
        self.raw_der = v.into();
        self
    }

    /// Sets the value of [parsed][crate::model::Certificate::parsed].
    pub fn set_parsed<T: std::convert::Into<bool>>(mut self, v: T) -> Self {
        self.parsed = v.into();
        self
    }

    /// Sets the value of [issuer][crate::model::Certificate::issuer].
    pub fn set_issuer<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.issuer = v.into();
        self
    }

    /// Sets the value of [subject][crate::model::Certificate::subject].
    pub fn set_subject<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.subject = v.into();
        self
    }

    /// Sets the value of [subject_alternative_dns_names][crate::model::Certificate::subject_alternative_dns_names].
    pub fn set_subject_alternative_dns_names<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<std::string::String>,
    {
        use std::iter::Iterator;
        self.subject_alternative_dns_names = v.into_iter().map(|i| i.into()).collect();
        self
    }

    /// Sets the value of [not_before_time][crate::model::Certificate::not_before_time].
    pub fn set_not_before_time<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.not_before_time = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [not_before_time][crate::model::Certificate::not_before_time].
    pub fn set_or_clear_not_before_time<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.not_before_time = v.map(|x| x.into());
        self
    }

    /// Sets the value of [not_after_time][crate::model::Certificate::not_after_time].
    pub fn set_not_after_time<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.not_after_time = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [not_after_time][crate::model::Certificate::not_after_time].
    pub fn set_or_clear_not_after_time<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.not_after_time = v.map(|x| x.into());
        self
    }

    /// Sets the value of [serial_number][crate::model::Certificate::serial_number].
    pub fn set_serial_number<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.serial_number = v.into();
        self
    }

    /// Sets the value of [sha256_fingerprint][crate::model::Certificate::sha256_fingerprint].
    pub fn set_sha256_fingerprint<T: std::convert::Into<std::string::String>>(
        mut self,
        v: T,
    ) -> Self {
        self.sha256_fingerprint = v.into();
        self
    }
}

impl wkt::message::Message for Certificate {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.Certificate"
    }
}

/// An [EkmConnection][google.cloud.kms.v1.EkmConnection] represents an
/// individual EKM connection. It can be used for creating
/// [CryptoKeys][google.cloud.kms.v1.CryptoKey] and
/// [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] with a
/// [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of
/// [EXTERNAL_VPC][google.cloud.kms.v1.ProtectionLevel.EXTERNAL_VPC], as well as
/// performing cryptographic operations using keys created within the
/// [EkmConnection][google.cloud.kms.v1.EkmConnection].
///
/// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
/// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
/// [google.cloud.kms.v1.EkmConnection]: crate::model::EkmConnection
/// [google.cloud.kms.v1.ProtectionLevel]: crate::model::ProtectionLevel
/// [google.cloud.kms.v1.ProtectionLevel.EXTERNAL_VPC]: crate::model::ProtectionLevel::ExternalVpc
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct EkmConnection {
    /// Output only. The resource name for the
    /// [EkmConnection][google.cloud.kms.v1.EkmConnection] in the format
    /// `projects/*/locations/*/ekmConnections/*`.
    ///
    /// [google.cloud.kms.v1.EkmConnection]: crate::model::EkmConnection
    pub name: std::string::String,

    /// Output only. The time at which the
    /// [EkmConnection][google.cloud.kms.v1.EkmConnection] was created.
    ///
    /// [google.cloud.kms.v1.EkmConnection]: crate::model::EkmConnection
    pub create_time: std::option::Option<wkt::Timestamp>,

    /// Optional. A list of
    /// [ServiceResolvers][google.cloud.kms.v1.EkmConnection.ServiceResolver] where
    /// the EKM can be reached. There should be one ServiceResolver per EKM
    /// replica. Currently, only a single
    /// [ServiceResolver][google.cloud.kms.v1.EkmConnection.ServiceResolver] is
    /// supported.
    ///
    /// [google.cloud.kms.v1.EkmConnection.ServiceResolver]: crate::model::ekm_connection::ServiceResolver
    pub service_resolvers: std::vec::Vec<crate::model::ekm_connection::ServiceResolver>,

    /// Optional. Etag of the currently stored
    /// [EkmConnection][google.cloud.kms.v1.EkmConnection].
    ///
    /// [google.cloud.kms.v1.EkmConnection]: crate::model::EkmConnection
    pub etag: std::string::String,

    /// Optional. Describes who can perform control plane operations on the EKM. If
    /// unset, this defaults to
    /// [MANUAL][google.cloud.kms.v1.EkmConnection.KeyManagementMode.MANUAL].
    ///
    /// [google.cloud.kms.v1.EkmConnection.KeyManagementMode.MANUAL]: crate::model::ekm_connection::KeyManagementMode::Manual
    pub key_management_mode: crate::model::ekm_connection::KeyManagementMode,

    /// Optional. Identifies the EKM Crypto Space that this
    /// [EkmConnection][google.cloud.kms.v1.EkmConnection] maps to. Note: This
    /// field is required if
    /// [KeyManagementMode][google.cloud.kms.v1.EkmConnection.KeyManagementMode] is
    /// [CLOUD_KMS][google.cloud.kms.v1.EkmConnection.KeyManagementMode.CLOUD_KMS].
    ///
    /// [google.cloud.kms.v1.EkmConnection]: crate::model::EkmConnection
    /// [google.cloud.kms.v1.EkmConnection.KeyManagementMode]: crate::model::ekm_connection::KeyManagementMode
    /// [google.cloud.kms.v1.EkmConnection.KeyManagementMode.CLOUD_KMS]: crate::model::ekm_connection::KeyManagementMode::CloudKms
    pub crypto_space_path: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl EkmConnection {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::EkmConnection::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }

    /// Sets the value of [create_time][crate::model::EkmConnection::create_time].
    pub fn set_create_time<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.create_time = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [create_time][crate::model::EkmConnection::create_time].
    pub fn set_or_clear_create_time<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.create_time = v.map(|x| x.into());
        self
    }

    /// Sets the value of [service_resolvers][crate::model::EkmConnection::service_resolvers].
    pub fn set_service_resolvers<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<crate::model::ekm_connection::ServiceResolver>,
    {
        use std::iter::Iterator;
        self.service_resolvers = v.into_iter().map(|i| i.into()).collect();
        self
    }

    /// Sets the value of [etag][crate::model::EkmConnection::etag].
    pub fn set_etag<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.etag = v.into();
        self
    }

    /// Sets the value of [key_management_mode][crate::model::EkmConnection::key_management_mode].
    pub fn set_key_management_mode<
        T: std::convert::Into<crate::model::ekm_connection::KeyManagementMode>,
    >(
        mut self,
        v: T,
    ) -> Self {
        self.key_management_mode = v.into();
        self
    }

    /// Sets the value of [crypto_space_path][crate::model::EkmConnection::crypto_space_path].
    pub fn set_crypto_space_path<T: std::convert::Into<std::string::String>>(
        mut self,
        v: T,
    ) -> Self {
        self.crypto_space_path = v.into();
        self
    }
}

impl wkt::message::Message for EkmConnection {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.EkmConnection"
    }
}

/// Defines additional types related to [EkmConnection].
pub mod ekm_connection {
    #[allow(unused_imports)]
    use super::*;

    /// A [ServiceResolver][google.cloud.kms.v1.EkmConnection.ServiceResolver]
    /// represents an EKM replica that can be reached within an
    /// [EkmConnection][google.cloud.kms.v1.EkmConnection].
    ///
    /// [google.cloud.kms.v1.EkmConnection]: crate::model::EkmConnection
    /// [google.cloud.kms.v1.EkmConnection.ServiceResolver]: crate::model::ekm_connection::ServiceResolver
    #[derive(Clone, Default, PartialEq)]
    #[non_exhaustive]
    pub struct ServiceResolver {
        /// Required. The resource name of the Service Directory service pointing to
        /// an EKM replica, in the format
        /// `projects/*/locations/*/namespaces/*/services/*`.
        pub service_directory_service: std::string::String,

        /// Optional. The filter applied to the endpoints of the resolved service. If
        /// no filter is specified, all endpoints will be considered. An endpoint
        /// will be chosen arbitrarily from the filtered list for each request.
        ///
        /// For endpoint filter syntax and examples, see
        /// <https://cloud.google.com/service-directory/docs/reference/rpc/google.cloud.servicedirectory.v1#resolveservicerequest>.
        pub endpoint_filter: std::string::String,

        /// Required. The hostname of the EKM replica used at TLS and HTTP layers.
        pub hostname: std::string::String,

        /// Required. A list of leaf server certificates used to authenticate HTTPS
        /// connections to the EKM replica. Currently, a maximum of 10
        /// [Certificate][google.cloud.kms.v1.Certificate] is supported.
        ///
        /// [google.cloud.kms.v1.Certificate]: crate::model::Certificate
        pub server_certificates: std::vec::Vec<crate::model::Certificate>,

        pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
    }

    impl ServiceResolver {
        pub fn new() -> Self {
            std::default::Default::default()
        }

        /// Sets the value of [service_directory_service][crate::model::ekm_connection::ServiceResolver::service_directory_service].
        pub fn set_service_directory_service<T: std::convert::Into<std::string::String>>(
            mut self,
            v: T,
        ) -> Self {
            self.service_directory_service = v.into();
            self
        }

        /// Sets the value of [endpoint_filter][crate::model::ekm_connection::ServiceResolver::endpoint_filter].
        pub fn set_endpoint_filter<T: std::convert::Into<std::string::String>>(
            mut self,
            v: T,
        ) -> Self {
            self.endpoint_filter = v.into();
            self
        }

        /// Sets the value of [hostname][crate::model::ekm_connection::ServiceResolver::hostname].
        pub fn set_hostname<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
            self.hostname = v.into();
            self
        }

        /// Sets the value of [server_certificates][crate::model::ekm_connection::ServiceResolver::server_certificates].
        pub fn set_server_certificates<T, V>(mut self, v: T) -> Self
        where
            T: std::iter::IntoIterator<Item = V>,
            V: std::convert::Into<crate::model::Certificate>,
        {
            use std::iter::Iterator;
            self.server_certificates = v.into_iter().map(|i| i.into()).collect();
            self
        }
    }

    impl wkt::message::Message for ServiceResolver {
        fn typename() -> &'static str {
            "type.googleapis.com/google.cloud.kms.v1.EkmConnection.ServiceResolver"
        }
    }

    /// [KeyManagementMode][google.cloud.kms.v1.EkmConnection.KeyManagementMode]
    /// describes who can perform control plane cryptographic operations using this
    /// [EkmConnection][google.cloud.kms.v1.EkmConnection].
    ///
    /// [google.cloud.kms.v1.EkmConnection]: crate::model::EkmConnection
    /// [google.cloud.kms.v1.EkmConnection.KeyManagementMode]: crate::model::ekm_connection::KeyManagementMode
    ///
    /// # Working with unknown values
    ///
    /// This enum is defined as `#[non_exhaustive]` because Google Cloud may add
    /// additional enum variants at any time. Adding new variants is not considered
    /// a breaking change. Applications should write their code in anticipation of:
    ///
    /// - New values appearing in future releases of the client library, **and**
    /// - New values received dynamically, without application changes.
    ///
    /// Please consult the [Working with enums] section in the user guide for some
    /// guidelines.
    ///
    /// [Working with enums]: https://google-cloud-rust.github.io/working_with_enums.html
    #[derive(Clone, Debug, PartialEq)]
    #[non_exhaustive]
    pub enum KeyManagementMode {
        /// Not specified.
        Unspecified,
        /// EKM-side key management operations on
        /// [CryptoKeys][google.cloud.kms.v1.CryptoKey] created with this
        /// [EkmConnection][google.cloud.kms.v1.EkmConnection] must be initiated from
        /// the EKM directly and cannot be performed from Cloud KMS. This means that:
        ///
        /// * When creating a
        ///   [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] associated with
        ///   this
        ///   [EkmConnection][google.cloud.kms.v1.EkmConnection], the caller must
        ///   supply the key path of pre-existing external key material that will be
        ///   linked to the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
        /// * Destruction of external key material cannot be requested via the
        ///   Cloud KMS API and must be performed directly in the EKM.
        /// * Automatic rotation of key material is not supported.
        ///
        /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
        /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
        /// [google.cloud.kms.v1.EkmConnection]: crate::model::EkmConnection
        Manual,
        /// All [CryptoKeys][google.cloud.kms.v1.CryptoKey] created with this
        /// [EkmConnection][google.cloud.kms.v1.EkmConnection] use EKM-side key
        /// management operations initiated from Cloud KMS. This means that:
        ///
        /// * When a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
        ///   associated with this [EkmConnection][google.cloud.kms.v1.EkmConnection]
        ///   is
        ///   created, the EKM automatically generates new key material and a new
        ///   key path. The caller cannot supply the key path of pre-existing
        ///   external key material.
        /// * Destruction of external key material associated with this
        ///   [EkmConnection][google.cloud.kms.v1.EkmConnection] can be requested by
        ///   calling
        ///   [DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion].
        /// * Automatic rotation of key material is supported.
        ///
        /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
        /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
        /// [google.cloud.kms.v1.EkmConnection]: crate::model::EkmConnection
        /// [google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion]: crate::client::KeyManagementService::destroy_crypto_key_version
        CloudKms,
        /// If set, the enum was initialized with an unknown value.
        ///
        /// Applications can examine the value using [KeyManagementMode::value] or
        /// [KeyManagementMode::name].
        UnknownValue(key_management_mode::UnknownValue),
    }

    #[doc(hidden)]
    pub mod key_management_mode {
        #[allow(unused_imports)]
        use super::*;
        #[derive(Clone, Debug, PartialEq)]
        pub struct UnknownValue(pub(crate) wkt::internal::UnknownEnumValue);
    }

    impl KeyManagementMode {
        /// Gets the enum value.
        ///
        /// Returns `None` if the enum contains an unknown value deserialized from
        /// the string representation of enums.
        pub fn value(&self) -> std::option::Option<i32> {
            match self {
                Self::Unspecified => std::option::Option::Some(0),
                Self::Manual => std::option::Option::Some(1),
                Self::CloudKms => std::option::Option::Some(2),
                Self::UnknownValue(u) => u.0.value(),
            }
        }

        /// Gets the enum value as a string.
        ///
        /// Returns `None` if the enum contains an unknown value deserialized from
        /// the integer representation of enums.
        pub fn name(&self) -> std::option::Option<&str> {
            match self {
                Self::Unspecified => std::option::Option::Some("KEY_MANAGEMENT_MODE_UNSPECIFIED"),
                Self::Manual => std::option::Option::Some("MANUAL"),
                Self::CloudKms => std::option::Option::Some("CLOUD_KMS"),
                Self::UnknownValue(u) => u.0.name(),
            }
        }
    }

    impl std::default::Default for KeyManagementMode {
        fn default() -> Self {
            use std::convert::From;
            Self::from(0)
        }
    }

    impl std::fmt::Display for KeyManagementMode {
        fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::result::Result<(), std::fmt::Error> {
            wkt::internal::display_enum(f, self.name(), self.value())
        }
    }

    impl std::convert::From<i32> for KeyManagementMode {
        fn from(value: i32) -> Self {
            match value {
                0 => Self::Unspecified,
                1 => Self::Manual,
                2 => Self::CloudKms,
                _ => Self::UnknownValue(key_management_mode::UnknownValue(
                    wkt::internal::UnknownEnumValue::Integer(value),
                )),
            }
        }
    }

    impl std::convert::From<&str> for KeyManagementMode {
        fn from(value: &str) -> Self {
            use std::string::ToString;
            match value {
                "KEY_MANAGEMENT_MODE_UNSPECIFIED" => Self::Unspecified,
                "MANUAL" => Self::Manual,
                "CLOUD_KMS" => Self::CloudKms,
                _ => Self::UnknownValue(key_management_mode::UnknownValue(
                    wkt::internal::UnknownEnumValue::String(value.to_string()),
                )),
            }
        }
    }

    impl serde::ser::Serialize for KeyManagementMode {
        fn serialize<S>(&self, serializer: S) -> std::result::Result<S::Ok, S::Error>
        where
            S: serde::Serializer,
        {
            match self {
                Self::Unspecified => serializer.serialize_i32(0),
                Self::Manual => serializer.serialize_i32(1),
                Self::CloudKms => serializer.serialize_i32(2),
                Self::UnknownValue(u) => u.0.serialize(serializer),
            }
        }
    }

    impl<'de> serde::de::Deserialize<'de> for KeyManagementMode {
        fn deserialize<D>(deserializer: D) -> std::result::Result<Self, D::Error>
        where
            D: serde::Deserializer<'de>,
        {
            deserializer.deserialize_any(wkt::internal::EnumVisitor::<KeyManagementMode>::new(
                ".google.cloud.kms.v1.EkmConnection.KeyManagementMode",
            ))
        }
    }
}

/// An [EkmConfig][google.cloud.kms.v1.EkmConfig] is a singleton resource that
/// represents configuration parameters that apply to all
/// [CryptoKeys][google.cloud.kms.v1.CryptoKey] and
/// [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] with a
/// [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of
/// [EXTERNAL_VPC][google.cloud.kms.v1.ProtectionLevel.EXTERNAL_VPC] in a given
/// project and location.
///
/// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
/// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
/// [google.cloud.kms.v1.EkmConfig]: crate::model::EkmConfig
/// [google.cloud.kms.v1.ProtectionLevel]: crate::model::ProtectionLevel
/// [google.cloud.kms.v1.ProtectionLevel.EXTERNAL_VPC]: crate::model::ProtectionLevel::ExternalVpc
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct EkmConfig {
    /// Output only. The resource name for the
    /// [EkmConfig][google.cloud.kms.v1.EkmConfig] in the format
    /// `projects/*/locations/*/ekmConfig`.
    ///
    /// [google.cloud.kms.v1.EkmConfig]: crate::model::EkmConfig
    pub name: std::string::String,

    /// Optional. Resource name of the default
    /// [EkmConnection][google.cloud.kms.v1.EkmConnection]. Setting this field to
    /// the empty string removes the default.
    ///
    /// [google.cloud.kms.v1.EkmConnection]: crate::model::EkmConnection
    pub default_ekm_connection: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl EkmConfig {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::EkmConfig::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }

    /// Sets the value of [default_ekm_connection][crate::model::EkmConfig::default_ekm_connection].
    pub fn set_default_ekm_connection<T: std::convert::Into<std::string::String>>(
        mut self,
        v: T,
    ) -> Self {
        self.default_ekm_connection = v.into();
        self
    }
}

impl wkt::message::Message for EkmConfig {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.EkmConfig"
    }
}

/// Request message for
/// [EkmService.VerifyConnectivity][google.cloud.kms.v1.EkmService.VerifyConnectivity].
///
/// [google.cloud.kms.v1.EkmService.VerifyConnectivity]: crate::client::EkmService::verify_connectivity
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct VerifyConnectivityRequest {
    /// Required. The [name][google.cloud.kms.v1.EkmConnection.name] of the
    /// [EkmConnection][google.cloud.kms.v1.EkmConnection] to verify.
    ///
    /// [google.cloud.kms.v1.EkmConnection]: crate::model::EkmConnection
    /// [google.cloud.kms.v1.EkmConnection.name]: crate::model::EkmConnection::name
    pub name: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl VerifyConnectivityRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::VerifyConnectivityRequest::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }
}

impl wkt::message::Message for VerifyConnectivityRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.VerifyConnectivityRequest"
    }
}

/// Response message for
/// [EkmService.VerifyConnectivity][google.cloud.kms.v1.EkmService.VerifyConnectivity].
///
/// [google.cloud.kms.v1.EkmService.VerifyConnectivity]: crate::client::EkmService::verify_connectivity
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct VerifyConnectivityResponse {
    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl VerifyConnectivityResponse {
    pub fn new() -> Self {
        std::default::Default::default()
    }
}

impl wkt::message::Message for VerifyConnectivityResponse {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.VerifyConnectivityResponse"
    }
}

/// A [KeyRing][google.cloud.kms.v1.KeyRing] is a toplevel logical grouping of
/// [CryptoKeys][google.cloud.kms.v1.CryptoKey].
///
/// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
/// [google.cloud.kms.v1.KeyRing]: crate::model::KeyRing
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct KeyRing {
    /// Output only. The resource name for the
    /// [KeyRing][google.cloud.kms.v1.KeyRing] in the format
    /// `projects/*/locations/*/keyRings/*`.
    ///
    /// [google.cloud.kms.v1.KeyRing]: crate::model::KeyRing
    pub name: std::string::String,

    /// Output only. The time at which this [KeyRing][google.cloud.kms.v1.KeyRing]
    /// was created.
    ///
    /// [google.cloud.kms.v1.KeyRing]: crate::model::KeyRing
    pub create_time: std::option::Option<wkt::Timestamp>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl KeyRing {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::KeyRing::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }

    /// Sets the value of [create_time][crate::model::KeyRing::create_time].
    pub fn set_create_time<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.create_time = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [create_time][crate::model::KeyRing::create_time].
    pub fn set_or_clear_create_time<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.create_time = v.map(|x| x.into());
        self
    }
}

impl wkt::message::Message for KeyRing {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.KeyRing"
    }
}

/// A [CryptoKey][google.cloud.kms.v1.CryptoKey] represents a logical key that
/// can be used for cryptographic operations.
///
/// A [CryptoKey][google.cloud.kms.v1.CryptoKey] is made up of zero or more
/// [versions][google.cloud.kms.v1.CryptoKeyVersion], which represent the actual
/// key material used in cryptographic operations.
///
/// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
/// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct CryptoKey {
    /// Output only. The resource name for this
    /// [CryptoKey][google.cloud.kms.v1.CryptoKey] in the format
    /// `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
    ///
    /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
    pub name: std::string::String,

    /// Output only. A copy of the "primary"
    /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] that will be used
    /// by [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt] when this
    /// [CryptoKey][google.cloud.kms.v1.CryptoKey] is given in
    /// [EncryptRequest.name][google.cloud.kms.v1.EncryptRequest.name].
    ///
    /// The [CryptoKey][google.cloud.kms.v1.CryptoKey]'s primary version can be
    /// updated via
    /// [UpdateCryptoKeyPrimaryVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyPrimaryVersion].
    ///
    /// Keys with [purpose][google.cloud.kms.v1.CryptoKey.purpose]
    /// [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]
    /// may have a primary. For other keys, this field will be omitted.
    ///
    /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
    /// [google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]: crate::model::crypto_key::CryptoKeyPurpose::EncryptDecrypt
    /// [google.cloud.kms.v1.CryptoKey.purpose]: crate::model::CryptoKey::purpose
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    /// [google.cloud.kms.v1.EncryptRequest.name]: crate::model::EncryptRequest::name
    /// [google.cloud.kms.v1.KeyManagementService.Encrypt]: crate::client::KeyManagementService::encrypt
    /// [google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyPrimaryVersion]: crate::client::KeyManagementService::update_crypto_key_primary_version
    pub primary: std::option::Option<crate::model::CryptoKeyVersion>,

    /// Immutable. The immutable purpose of this
    /// [CryptoKey][google.cloud.kms.v1.CryptoKey].
    ///
    /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
    pub purpose: crate::model::crypto_key::CryptoKeyPurpose,

    /// Output only. The time at which this
    /// [CryptoKey][google.cloud.kms.v1.CryptoKey] was created.
    ///
    /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
    pub create_time: std::option::Option<wkt::Timestamp>,

    /// At [next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time],
    /// the Key Management Service will automatically:
    ///
    /// 1. Create a new version of this [CryptoKey][google.cloud.kms.v1.CryptoKey].
    /// 1. Mark the new version as primary.
    ///
    /// Key rotations performed manually via
    /// [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion]
    /// and
    /// [UpdateCryptoKeyPrimaryVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyPrimaryVersion]
    /// do not affect
    /// [next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time].
    ///
    /// Keys with [purpose][google.cloud.kms.v1.CryptoKey.purpose]
    /// [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]
    /// support automatic rotation. For other keys, this field must be omitted.
    ///
    /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
    /// [google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]: crate::model::crypto_key::CryptoKeyPurpose::EncryptDecrypt
    /// [google.cloud.kms.v1.CryptoKey.next_rotation_time]: crate::model::CryptoKey::next_rotation_time
    /// [google.cloud.kms.v1.CryptoKey.purpose]: crate::model::CryptoKey::purpose
    /// [google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion]: crate::client::KeyManagementService::create_crypto_key_version
    /// [google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyPrimaryVersion]: crate::client::KeyManagementService::update_crypto_key_primary_version
    pub next_rotation_time: std::option::Option<wkt::Timestamp>,

    /// A template describing settings for new
    /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] instances. The
    /// properties of new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
    /// instances created by either
    /// [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion]
    /// or auto-rotation are controlled by this template.
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    /// [google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion]: crate::client::KeyManagementService::create_crypto_key_version
    pub version_template: std::option::Option<crate::model::CryptoKeyVersionTemplate>,

    /// Labels with user-defined metadata. For more information, see
    /// [Labeling Keys](https://cloud.google.com/kms/docs/labeling-keys).
    pub labels: std::collections::HashMap<std::string::String, std::string::String>,

    /// Immutable. Whether this key may contain imported versions only.
    pub import_only: bool,

    /// Immutable. The period of time that versions of this key spend in the
    /// [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
    /// state before transitioning to
    /// [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED].
    /// If not specified at creation time, the default duration is 30 days.
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED]: crate::model::crypto_key_version::CryptoKeyVersionState::Destroyed
    /// [google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]: crate::model::crypto_key_version::CryptoKeyVersionState::DestroyScheduled
    pub destroy_scheduled_duration: std::option::Option<wkt::Duration>,

    /// Immutable. The resource name of the backend environment where the key
    /// material for all [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion]
    /// associated with this [CryptoKey][google.cloud.kms.v1.CryptoKey] reside and
    /// where all related cryptographic operations are performed. Only applicable
    /// if [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] have a
    /// [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of
    /// [EXTERNAL_VPC][google.cloud.kms.v1.ProtectionLevel.EXTERNAL_VPC], with the
    /// resource name in the format `projects/*/locations/*/ekmConnections/*`.
    /// Note, this list is non-exhaustive and may apply to additional
    /// [ProtectionLevels][google.cloud.kms.v1.ProtectionLevel] in the future.
    ///
    /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    /// [google.cloud.kms.v1.ProtectionLevel]: crate::model::ProtectionLevel
    /// [google.cloud.kms.v1.ProtectionLevel.EXTERNAL_VPC]: crate::model::ProtectionLevel::ExternalVpc
    pub crypto_key_backend: std::string::String,

    /// Optional. The policy used for Key Access Justifications Policy Enforcement.
    /// If this field is present and this key is enrolled in Key Access
    /// Justifications Policy Enforcement, the policy will be evaluated in encrypt,
    /// decrypt, and sign operations, and the operation will fail if rejected by
    /// the policy. The policy is defined by specifying zero or more allowed
    /// justification codes.
    /// <https://cloud.google.com/assured-workloads/key-access-justifications/docs/justification-codes>
    /// By default, this field is absent, and all justification codes are allowed.
    pub key_access_justifications_policy:
        std::option::Option<crate::model::KeyAccessJustificationsPolicy>,

    /// Controls the rate of automatic rotation.
    pub rotation_schedule: std::option::Option<crate::model::crypto_key::RotationSchedule>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl CryptoKey {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::CryptoKey::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }

    /// Sets the value of [primary][crate::model::CryptoKey::primary].
    pub fn set_primary<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::CryptoKeyVersion>,
    {
        self.primary = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [primary][crate::model::CryptoKey::primary].
    pub fn set_or_clear_primary<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::CryptoKeyVersion>,
    {
        self.primary = v.map(|x| x.into());
        self
    }

    /// Sets the value of [purpose][crate::model::CryptoKey::purpose].
    pub fn set_purpose<T: std::convert::Into<crate::model::crypto_key::CryptoKeyPurpose>>(
        mut self,
        v: T,
    ) -> Self {
        self.purpose = v.into();
        self
    }

    /// Sets the value of [create_time][crate::model::CryptoKey::create_time].
    pub fn set_create_time<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.create_time = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [create_time][crate::model::CryptoKey::create_time].
    pub fn set_or_clear_create_time<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.create_time = v.map(|x| x.into());
        self
    }

    /// Sets the value of [next_rotation_time][crate::model::CryptoKey::next_rotation_time].
    pub fn set_next_rotation_time<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.next_rotation_time = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [next_rotation_time][crate::model::CryptoKey::next_rotation_time].
    pub fn set_or_clear_next_rotation_time<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.next_rotation_time = v.map(|x| x.into());
        self
    }

    /// Sets the value of [version_template][crate::model::CryptoKey::version_template].
    pub fn set_version_template<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::CryptoKeyVersionTemplate>,
    {
        self.version_template = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [version_template][crate::model::CryptoKey::version_template].
    pub fn set_or_clear_version_template<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::CryptoKeyVersionTemplate>,
    {
        self.version_template = v.map(|x| x.into());
        self
    }

    /// Sets the value of [labels][crate::model::CryptoKey::labels].
    pub fn set_labels<T, K, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = (K, V)>,
        K: std::convert::Into<std::string::String>,
        V: std::convert::Into<std::string::String>,
    {
        use std::iter::Iterator;
        self.labels = v.into_iter().map(|(k, v)| (k.into(), v.into())).collect();
        self
    }

    /// Sets the value of [import_only][crate::model::CryptoKey::import_only].
    pub fn set_import_only<T: std::convert::Into<bool>>(mut self, v: T) -> Self {
        self.import_only = v.into();
        self
    }

    /// Sets the value of [destroy_scheduled_duration][crate::model::CryptoKey::destroy_scheduled_duration].
    pub fn set_destroy_scheduled_duration<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Duration>,
    {
        self.destroy_scheduled_duration = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [destroy_scheduled_duration][crate::model::CryptoKey::destroy_scheduled_duration].
    pub fn set_or_clear_destroy_scheduled_duration<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::Duration>,
    {
        self.destroy_scheduled_duration = v.map(|x| x.into());
        self
    }

    /// Sets the value of [crypto_key_backend][crate::model::CryptoKey::crypto_key_backend].
    pub fn set_crypto_key_backend<T: std::convert::Into<std::string::String>>(
        mut self,
        v: T,
    ) -> Self {
        self.crypto_key_backend = v.into();
        self
    }

    /// Sets the value of [key_access_justifications_policy][crate::model::CryptoKey::key_access_justifications_policy].
    pub fn set_key_access_justifications_policy<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::KeyAccessJustificationsPolicy>,
    {
        self.key_access_justifications_policy = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [key_access_justifications_policy][crate::model::CryptoKey::key_access_justifications_policy].
    pub fn set_or_clear_key_access_justifications_policy<T>(
        mut self,
        v: std::option::Option<T>,
    ) -> Self
    where
        T: std::convert::Into<crate::model::KeyAccessJustificationsPolicy>,
    {
        self.key_access_justifications_policy = v.map(|x| x.into());
        self
    }

    /// Sets the value of [rotation_schedule][crate::model::CryptoKey::rotation_schedule].
    ///
    /// Note that all the setters affecting `rotation_schedule` are mutually
    /// exclusive.
    pub fn set_rotation_schedule<
        T: std::convert::Into<std::option::Option<crate::model::crypto_key::RotationSchedule>>,
    >(
        mut self,
        v: T,
    ) -> Self {
        self.rotation_schedule = v.into();
        self
    }

    /// The value of [rotation_schedule][crate::model::CryptoKey::rotation_schedule]
    /// if it holds a `RotationPeriod`, `None` if the field is not set or
    /// holds a different branch.
    pub fn rotation_period(&self) -> std::option::Option<&std::boxed::Box<wkt::Duration>> {
        #[allow(unreachable_patterns)]
        self.rotation_schedule.as_ref().and_then(|v| match v {
            crate::model::crypto_key::RotationSchedule::RotationPeriod(v) => {
                std::option::Option::Some(v)
            }
            _ => std::option::Option::None,
        })
    }

    /// Sets the value of [rotation_schedule][crate::model::CryptoKey::rotation_schedule]
    /// to hold a `RotationPeriod`.
    ///
    /// Note that all the setters affecting `rotation_schedule` are
    /// mutually exclusive.
    pub fn set_rotation_period<T: std::convert::Into<std::boxed::Box<wkt::Duration>>>(
        mut self,
        v: T,
    ) -> Self {
        self.rotation_schedule = std::option::Option::Some(
            crate::model::crypto_key::RotationSchedule::RotationPeriod(v.into()),
        );
        self
    }
}

impl wkt::message::Message for CryptoKey {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.CryptoKey"
    }
}

/// Defines additional types related to [CryptoKey].
pub mod crypto_key {
    #[allow(unused_imports)]
    use super::*;

    /// [CryptoKeyPurpose][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose]
    /// describes the cryptographic capabilities of a
    /// [CryptoKey][google.cloud.kms.v1.CryptoKey]. A given key can only be used
    /// for the operations allowed by its purpose. For more information, see [Key
    /// purposes](https://cloud.google.com/kms/docs/algorithms#key_purposes).
    ///
    /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
    /// [google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose]: crate::model::crypto_key::CryptoKeyPurpose
    ///
    /// # Working with unknown values
    ///
    /// This enum is defined as `#[non_exhaustive]` because Google Cloud may add
    /// additional enum variants at any time. Adding new variants is not considered
    /// a breaking change. Applications should write their code in anticipation of:
    ///
    /// - New values appearing in future releases of the client library, **and**
    /// - New values received dynamically, without application changes.
    ///
    /// Please consult the [Working with enums] section in the user guide for some
    /// guidelines.
    ///
    /// [Working with enums]: https://google-cloud-rust.github.io/working_with_enums.html
    #[derive(Clone, Debug, PartialEq)]
    #[non_exhaustive]
    pub enum CryptoKeyPurpose {
        /// Not specified.
        Unspecified,
        /// [CryptoKeys][google.cloud.kms.v1.CryptoKey] with this purpose may be used
        /// with [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt] and
        /// [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt].
        ///
        /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
        /// [google.cloud.kms.v1.KeyManagementService.Decrypt]: crate::client::KeyManagementService::decrypt
        /// [google.cloud.kms.v1.KeyManagementService.Encrypt]: crate::client::KeyManagementService::encrypt
        EncryptDecrypt,
        /// [CryptoKeys][google.cloud.kms.v1.CryptoKey] with this purpose may be used
        /// with
        /// [AsymmetricSign][google.cloud.kms.v1.KeyManagementService.AsymmetricSign]
        /// and
        /// [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
        ///
        /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
        /// [google.cloud.kms.v1.KeyManagementService.AsymmetricSign]: crate::client::KeyManagementService::asymmetric_sign
        /// [google.cloud.kms.v1.KeyManagementService.GetPublicKey]: crate::client::KeyManagementService::get_public_key
        AsymmetricSign,
        /// [CryptoKeys][google.cloud.kms.v1.CryptoKey] with this purpose may be used
        /// with
        /// [AsymmetricDecrypt][google.cloud.kms.v1.KeyManagementService.AsymmetricDecrypt]
        /// and
        /// [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
        ///
        /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
        /// [google.cloud.kms.v1.KeyManagementService.AsymmetricDecrypt]: crate::client::KeyManagementService::asymmetric_decrypt
        /// [google.cloud.kms.v1.KeyManagementService.GetPublicKey]: crate::client::KeyManagementService::get_public_key
        AsymmetricDecrypt,
        /// [CryptoKeys][google.cloud.kms.v1.CryptoKey] with this purpose may be used
        /// with [RawEncrypt][google.cloud.kms.v1.KeyManagementService.RawEncrypt]
        /// and [RawDecrypt][google.cloud.kms.v1.KeyManagementService.RawDecrypt].
        /// This purpose is meant to be used for interoperable symmetric
        /// encryption and does not support automatic CryptoKey rotation.
        ///
        /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
        /// [google.cloud.kms.v1.KeyManagementService.RawDecrypt]: crate::client::KeyManagementService::raw_decrypt
        /// [google.cloud.kms.v1.KeyManagementService.RawEncrypt]: crate::client::KeyManagementService::raw_encrypt
        RawEncryptDecrypt,
        /// [CryptoKeys][google.cloud.kms.v1.CryptoKey] with this purpose may be used
        /// with [MacSign][google.cloud.kms.v1.KeyManagementService.MacSign].
        ///
        /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
        /// [google.cloud.kms.v1.KeyManagementService.MacSign]: crate::client::KeyManagementService::mac_sign
        Mac,
        /// [CryptoKeys][google.cloud.kms.v1.CryptoKey] with this purpose may be used
        /// with
        /// [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]
        /// and [Decapsulate][google.cloud.kms.v1.KeyManagementService.Decapsulate].
        ///
        /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
        /// [google.cloud.kms.v1.KeyManagementService.Decapsulate]: crate::client::KeyManagementService::decapsulate
        /// [google.cloud.kms.v1.KeyManagementService.GetPublicKey]: crate::client::KeyManagementService::get_public_key
        KeyEncapsulation,
        /// If set, the enum was initialized with an unknown value.
        ///
        /// Applications can examine the value using [CryptoKeyPurpose::value] or
        /// [CryptoKeyPurpose::name].
        UnknownValue(crypto_key_purpose::UnknownValue),
    }

    #[doc(hidden)]
    pub mod crypto_key_purpose {
        #[allow(unused_imports)]
        use super::*;
        #[derive(Clone, Debug, PartialEq)]
        pub struct UnknownValue(pub(crate) wkt::internal::UnknownEnumValue);
    }

    impl CryptoKeyPurpose {
        /// Gets the enum value.
        ///
        /// Returns `None` if the enum contains an unknown value deserialized from
        /// the string representation of enums.
        pub fn value(&self) -> std::option::Option<i32> {
            match self {
                Self::Unspecified => std::option::Option::Some(0),
                Self::EncryptDecrypt => std::option::Option::Some(1),
                Self::AsymmetricSign => std::option::Option::Some(5),
                Self::AsymmetricDecrypt => std::option::Option::Some(6),
                Self::RawEncryptDecrypt => std::option::Option::Some(7),
                Self::Mac => std::option::Option::Some(9),
                Self::KeyEncapsulation => std::option::Option::Some(10),
                Self::UnknownValue(u) => u.0.value(),
            }
        }

        /// Gets the enum value as a string.
        ///
        /// Returns `None` if the enum contains an unknown value deserialized from
        /// the integer representation of enums.
        pub fn name(&self) -> std::option::Option<&str> {
            match self {
                Self::Unspecified => std::option::Option::Some("CRYPTO_KEY_PURPOSE_UNSPECIFIED"),
                Self::EncryptDecrypt => std::option::Option::Some("ENCRYPT_DECRYPT"),
                Self::AsymmetricSign => std::option::Option::Some("ASYMMETRIC_SIGN"),
                Self::AsymmetricDecrypt => std::option::Option::Some("ASYMMETRIC_DECRYPT"),
                Self::RawEncryptDecrypt => std::option::Option::Some("RAW_ENCRYPT_DECRYPT"),
                Self::Mac => std::option::Option::Some("MAC"),
                Self::KeyEncapsulation => std::option::Option::Some("KEY_ENCAPSULATION"),
                Self::UnknownValue(u) => u.0.name(),
            }
        }
    }

    impl std::default::Default for CryptoKeyPurpose {
        fn default() -> Self {
            use std::convert::From;
            Self::from(0)
        }
    }

    impl std::fmt::Display for CryptoKeyPurpose {
        fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::result::Result<(), std::fmt::Error> {
            wkt::internal::display_enum(f, self.name(), self.value())
        }
    }

    impl std::convert::From<i32> for CryptoKeyPurpose {
        fn from(value: i32) -> Self {
            match value {
                0 => Self::Unspecified,
                1 => Self::EncryptDecrypt,
                5 => Self::AsymmetricSign,
                6 => Self::AsymmetricDecrypt,
                7 => Self::RawEncryptDecrypt,
                9 => Self::Mac,
                10 => Self::KeyEncapsulation,
                _ => Self::UnknownValue(crypto_key_purpose::UnknownValue(
                    wkt::internal::UnknownEnumValue::Integer(value),
                )),
            }
        }
    }

    impl std::convert::From<&str> for CryptoKeyPurpose {
        fn from(value: &str) -> Self {
            use std::string::ToString;
            match value {
                "CRYPTO_KEY_PURPOSE_UNSPECIFIED" => Self::Unspecified,
                "ENCRYPT_DECRYPT" => Self::EncryptDecrypt,
                "ASYMMETRIC_SIGN" => Self::AsymmetricSign,
                "ASYMMETRIC_DECRYPT" => Self::AsymmetricDecrypt,
                "RAW_ENCRYPT_DECRYPT" => Self::RawEncryptDecrypt,
                "MAC" => Self::Mac,
                "KEY_ENCAPSULATION" => Self::KeyEncapsulation,
                _ => Self::UnknownValue(crypto_key_purpose::UnknownValue(
                    wkt::internal::UnknownEnumValue::String(value.to_string()),
                )),
            }
        }
    }

    impl serde::ser::Serialize for CryptoKeyPurpose {
        fn serialize<S>(&self, serializer: S) -> std::result::Result<S::Ok, S::Error>
        where
            S: serde::Serializer,
        {
            match self {
                Self::Unspecified => serializer.serialize_i32(0),
                Self::EncryptDecrypt => serializer.serialize_i32(1),
                Self::AsymmetricSign => serializer.serialize_i32(5),
                Self::AsymmetricDecrypt => serializer.serialize_i32(6),
                Self::RawEncryptDecrypt => serializer.serialize_i32(7),
                Self::Mac => serializer.serialize_i32(9),
                Self::KeyEncapsulation => serializer.serialize_i32(10),
                Self::UnknownValue(u) => u.0.serialize(serializer),
            }
        }
    }

    impl<'de> serde::de::Deserialize<'de> for CryptoKeyPurpose {
        fn deserialize<D>(deserializer: D) -> std::result::Result<Self, D::Error>
        where
            D: serde::Deserializer<'de>,
        {
            deserializer.deserialize_any(wkt::internal::EnumVisitor::<CryptoKeyPurpose>::new(
                ".google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose",
            ))
        }
    }

    /// Controls the rate of automatic rotation.
    #[derive(Clone, Debug, PartialEq)]
    #[non_exhaustive]
    pub enum RotationSchedule {
        /// [next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time]
        /// will be advanced by this period when the service automatically rotates a
        /// key. Must be at least 24 hours and at most 876,000 hours.
        ///
        /// If [rotation_period][google.cloud.kms.v1.CryptoKey.rotation_period] is
        /// set,
        /// [next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time]
        /// must also be set.
        ///
        /// Keys with [purpose][google.cloud.kms.v1.CryptoKey.purpose]
        /// [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]
        /// support automatic rotation. For other keys, this field must be omitted.
        ///
        /// [google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]: crate::model::crypto_key::CryptoKeyPurpose::EncryptDecrypt
        /// [google.cloud.kms.v1.CryptoKey.next_rotation_time]: crate::model::CryptoKey::next_rotation_time
        /// [google.cloud.kms.v1.CryptoKey.purpose]: crate::model::CryptoKey::purpose
        /// [google.cloud.kms.v1.CryptoKey.rotation_period]: crate::model::CryptoKey::rotation_schedule
        RotationPeriod(std::boxed::Box<wkt::Duration>),
    }
}

/// A [CryptoKeyVersionTemplate][google.cloud.kms.v1.CryptoKeyVersionTemplate]
/// specifies the properties to use when creating a new
/// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], either manually
/// with
/// [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion]
/// or automatically as a result of auto-rotation.
///
/// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
/// [google.cloud.kms.v1.CryptoKeyVersionTemplate]: crate::model::CryptoKeyVersionTemplate
/// [google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion]: crate::client::KeyManagementService::create_crypto_key_version
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct CryptoKeyVersionTemplate {
    /// [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] to use when creating
    /// a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] based on this
    /// template. Immutable. Defaults to
    /// [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE].
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    /// [google.cloud.kms.v1.ProtectionLevel]: crate::model::ProtectionLevel
    /// [google.cloud.kms.v1.ProtectionLevel.SOFTWARE]: crate::model::ProtectionLevel::Software
    pub protection_level: crate::model::ProtectionLevel,

    /// Required.
    /// [Algorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm]
    /// to use when creating a
    /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] based on this
    /// template.
    ///
    /// For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both
    /// this field is omitted and
    /// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] is
    /// [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
    ///
    /// [google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]: crate::model::crypto_key::CryptoKeyPurpose::EncryptDecrypt
    /// [google.cloud.kms.v1.CryptoKey.purpose]: crate::model::CryptoKey::purpose
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    /// [google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm]: crate::model::crypto_key_version::CryptoKeyVersionAlgorithm
    pub algorithm: crate::model::crypto_key_version::CryptoKeyVersionAlgorithm,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl CryptoKeyVersionTemplate {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [protection_level][crate::model::CryptoKeyVersionTemplate::protection_level].
    pub fn set_protection_level<T: std::convert::Into<crate::model::ProtectionLevel>>(
        mut self,
        v: T,
    ) -> Self {
        self.protection_level = v.into();
        self
    }

    /// Sets the value of [algorithm][crate::model::CryptoKeyVersionTemplate::algorithm].
    pub fn set_algorithm<
        T: std::convert::Into<crate::model::crypto_key_version::CryptoKeyVersionAlgorithm>,
    >(
        mut self,
        v: T,
    ) -> Self {
        self.algorithm = v.into();
        self
    }
}

impl wkt::message::Message for CryptoKeyVersionTemplate {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.CryptoKeyVersionTemplate"
    }
}

/// Contains an HSM-generated attestation about a key operation. For more
/// information, see [Verifying attestations]
/// (<https://cloud.google.com/kms/docs/attest-key>).
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct KeyOperationAttestation {
    /// Output only. The format of the attestation data.
    pub format: crate::model::key_operation_attestation::AttestationFormat,

    /// Output only. The attestation data provided by the HSM when the key
    /// operation was performed.
    pub content: ::bytes::Bytes,

    /// Output only. The certificate chains needed to validate the attestation
    pub cert_chains:
        std::option::Option<crate::model::key_operation_attestation::CertificateChains>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl KeyOperationAttestation {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [format][crate::model::KeyOperationAttestation::format].
    pub fn set_format<
        T: std::convert::Into<crate::model::key_operation_attestation::AttestationFormat>,
    >(
        mut self,
        v: T,
    ) -> Self {
        self.format = v.into();
        self
    }

    /// Sets the value of [content][crate::model::KeyOperationAttestation::content].
    pub fn set_content<T: std::convert::Into<::bytes::Bytes>>(mut self, v: T) -> Self {
        self.content = v.into();
        self
    }

    /// Sets the value of [cert_chains][crate::model::KeyOperationAttestation::cert_chains].
    pub fn set_cert_chains<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::key_operation_attestation::CertificateChains>,
    {
        self.cert_chains = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [cert_chains][crate::model::KeyOperationAttestation::cert_chains].
    pub fn set_or_clear_cert_chains<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::key_operation_attestation::CertificateChains>,
    {
        self.cert_chains = v.map(|x| x.into());
        self
    }
}

impl wkt::message::Message for KeyOperationAttestation {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.KeyOperationAttestation"
    }
}

/// Defines additional types related to [KeyOperationAttestation].
pub mod key_operation_attestation {
    #[allow(unused_imports)]
    use super::*;

    /// Certificate chains needed to verify the attestation.
    /// Certificates in chains are PEM-encoded and are ordered based on
    /// <https://tools.ietf.org/html/rfc5246#section-7.4.2>.
    #[derive(Clone, Default, PartialEq)]
    #[non_exhaustive]
    pub struct CertificateChains {
        /// Cavium certificate chain corresponding to the attestation.
        pub cavium_certs: std::vec::Vec<std::string::String>,

        /// Google card certificate chain corresponding to the attestation.
        pub google_card_certs: std::vec::Vec<std::string::String>,

        /// Google partition certificate chain corresponding to the attestation.
        pub google_partition_certs: std::vec::Vec<std::string::String>,

        pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
    }

    impl CertificateChains {
        pub fn new() -> Self {
            std::default::Default::default()
        }

        /// Sets the value of [cavium_certs][crate::model::key_operation_attestation::CertificateChains::cavium_certs].
        pub fn set_cavium_certs<T, V>(mut self, v: T) -> Self
        where
            T: std::iter::IntoIterator<Item = V>,
            V: std::convert::Into<std::string::String>,
        {
            use std::iter::Iterator;
            self.cavium_certs = v.into_iter().map(|i| i.into()).collect();
            self
        }

        /// Sets the value of [google_card_certs][crate::model::key_operation_attestation::CertificateChains::google_card_certs].
        pub fn set_google_card_certs<T, V>(mut self, v: T) -> Self
        where
            T: std::iter::IntoIterator<Item = V>,
            V: std::convert::Into<std::string::String>,
        {
            use std::iter::Iterator;
            self.google_card_certs = v.into_iter().map(|i| i.into()).collect();
            self
        }

        /// Sets the value of [google_partition_certs][crate::model::key_operation_attestation::CertificateChains::google_partition_certs].
        pub fn set_google_partition_certs<T, V>(mut self, v: T) -> Self
        where
            T: std::iter::IntoIterator<Item = V>,
            V: std::convert::Into<std::string::String>,
        {
            use std::iter::Iterator;
            self.google_partition_certs = v.into_iter().map(|i| i.into()).collect();
            self
        }
    }

    impl wkt::message::Message for CertificateChains {
        fn typename() -> &'static str {
            "type.googleapis.com/google.cloud.kms.v1.KeyOperationAttestation.CertificateChains"
        }
    }

    /// Attestation formats provided by the HSM.
    ///
    /// # Working with unknown values
    ///
    /// This enum is defined as `#[non_exhaustive]` because Google Cloud may add
    /// additional enum variants at any time. Adding new variants is not considered
    /// a breaking change. Applications should write their code in anticipation of:
    ///
    /// - New values appearing in future releases of the client library, **and**
    /// - New values received dynamically, without application changes.
    ///
    /// Please consult the [Working with enums] section in the user guide for some
    /// guidelines.
    ///
    /// [Working with enums]: https://google-cloud-rust.github.io/working_with_enums.html
    #[derive(Clone, Debug, PartialEq)]
    #[non_exhaustive]
    pub enum AttestationFormat {
        /// Not specified.
        Unspecified,
        /// Cavium HSM attestation compressed with gzip. Note that this format is
        /// defined by Cavium and subject to change at any time.
        ///
        /// See
        /// <https://www.marvell.com/products/security-solutions/nitrox-hs-adapters/software-key-attestation.html>.
        CaviumV1Compressed,
        /// Cavium HSM attestation V2 compressed with gzip. This is a new format
        /// introduced in Cavium's version 3.2-08.
        CaviumV2Compressed,
        /// If set, the enum was initialized with an unknown value.
        ///
        /// Applications can examine the value using [AttestationFormat::value] or
        /// [AttestationFormat::name].
        UnknownValue(attestation_format::UnknownValue),
    }

    #[doc(hidden)]
    pub mod attestation_format {
        #[allow(unused_imports)]
        use super::*;
        #[derive(Clone, Debug, PartialEq)]
        pub struct UnknownValue(pub(crate) wkt::internal::UnknownEnumValue);
    }

    impl AttestationFormat {
        /// Gets the enum value.
        ///
        /// Returns `None` if the enum contains an unknown value deserialized from
        /// the string representation of enums.
        pub fn value(&self) -> std::option::Option<i32> {
            match self {
                Self::Unspecified => std::option::Option::Some(0),
                Self::CaviumV1Compressed => std::option::Option::Some(3),
                Self::CaviumV2Compressed => std::option::Option::Some(4),
                Self::UnknownValue(u) => u.0.value(),
            }
        }

        /// Gets the enum value as a string.
        ///
        /// Returns `None` if the enum contains an unknown value deserialized from
        /// the integer representation of enums.
        pub fn name(&self) -> std::option::Option<&str> {
            match self {
                Self::Unspecified => std::option::Option::Some("ATTESTATION_FORMAT_UNSPECIFIED"),
                Self::CaviumV1Compressed => std::option::Option::Some("CAVIUM_V1_COMPRESSED"),
                Self::CaviumV2Compressed => std::option::Option::Some("CAVIUM_V2_COMPRESSED"),
                Self::UnknownValue(u) => u.0.name(),
            }
        }
    }

    impl std::default::Default for AttestationFormat {
        fn default() -> Self {
            use std::convert::From;
            Self::from(0)
        }
    }

    impl std::fmt::Display for AttestationFormat {
        fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::result::Result<(), std::fmt::Error> {
            wkt::internal::display_enum(f, self.name(), self.value())
        }
    }

    impl std::convert::From<i32> for AttestationFormat {
        fn from(value: i32) -> Self {
            match value {
                0 => Self::Unspecified,
                3 => Self::CaviumV1Compressed,
                4 => Self::CaviumV2Compressed,
                _ => Self::UnknownValue(attestation_format::UnknownValue(
                    wkt::internal::UnknownEnumValue::Integer(value),
                )),
            }
        }
    }

    impl std::convert::From<&str> for AttestationFormat {
        fn from(value: &str) -> Self {
            use std::string::ToString;
            match value {
                "ATTESTATION_FORMAT_UNSPECIFIED" => Self::Unspecified,
                "CAVIUM_V1_COMPRESSED" => Self::CaviumV1Compressed,
                "CAVIUM_V2_COMPRESSED" => Self::CaviumV2Compressed,
                _ => Self::UnknownValue(attestation_format::UnknownValue(
                    wkt::internal::UnknownEnumValue::String(value.to_string()),
                )),
            }
        }
    }

    impl serde::ser::Serialize for AttestationFormat {
        fn serialize<S>(&self, serializer: S) -> std::result::Result<S::Ok, S::Error>
        where
            S: serde::Serializer,
        {
            match self {
                Self::Unspecified => serializer.serialize_i32(0),
                Self::CaviumV1Compressed => serializer.serialize_i32(3),
                Self::CaviumV2Compressed => serializer.serialize_i32(4),
                Self::UnknownValue(u) => u.0.serialize(serializer),
            }
        }
    }

    impl<'de> serde::de::Deserialize<'de> for AttestationFormat {
        fn deserialize<D>(deserializer: D) -> std::result::Result<Self, D::Error>
        where
            D: serde::Deserializer<'de>,
        {
            deserializer.deserialize_any(wkt::internal::EnumVisitor::<AttestationFormat>::new(
                ".google.cloud.kms.v1.KeyOperationAttestation.AttestationFormat",
            ))
        }
    }
}

/// A [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] represents an
/// individual cryptographic key, and the associated key material.
///
/// An
/// [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]
/// version can be used for cryptographic operations.
///
/// For security reasons, the raw cryptographic key material represented by a
/// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] can never be viewed
/// or exported. It can only be used to encrypt, decrypt, or sign data when an
/// authorized user or application invokes Cloud KMS.
///
/// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
/// [google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]: crate::model::crypto_key_version::CryptoKeyVersionState::Enabled
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct CryptoKeyVersion {
    /// Output only. The resource name for this
    /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in the format
    /// `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    pub name: std::string::String,

    /// The current state of the
    /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    pub state: crate::model::crypto_key_version::CryptoKeyVersionState,

    /// Output only. The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel]
    /// describing how crypto operations are performed with this
    /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    /// [google.cloud.kms.v1.ProtectionLevel]: crate::model::ProtectionLevel
    pub protection_level: crate::model::ProtectionLevel,

    /// Output only. The
    /// [CryptoKeyVersionAlgorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm]
    /// that this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
    /// supports.
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    /// [google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm]: crate::model::crypto_key_version::CryptoKeyVersionAlgorithm
    pub algorithm: crate::model::crypto_key_version::CryptoKeyVersionAlgorithm,

    /// Output only. Statement that was generated and signed by the HSM at key
    /// creation time. Use this statement to verify attributes of the key as stored
    /// on the HSM, independently of Google. Only provided for key versions with
    /// [protection_level][google.cloud.kms.v1.CryptoKeyVersion.protection_level]
    /// [HSM][google.cloud.kms.v1.ProtectionLevel.HSM].
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion.protection_level]: crate::model::CryptoKeyVersion::protection_level
    /// [google.cloud.kms.v1.ProtectionLevel.HSM]: crate::model::ProtectionLevel::Hsm
    pub attestation: std::option::Option<crate::model::KeyOperationAttestation>,

    /// Output only. The time at which this
    /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] was created.
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    pub create_time: std::option::Option<wkt::Timestamp>,

    /// Output only. The time this
    /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s key material was
    /// generated.
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    pub generate_time: std::option::Option<wkt::Timestamp>,

    /// Output only. The time this
    /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s key material is
    /// scheduled for destruction. Only present if
    /// [state][google.cloud.kms.v1.CryptoKeyVersion.state] is
    /// [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED].
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    /// [google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]: crate::model::crypto_key_version::CryptoKeyVersionState::DestroyScheduled
    /// [google.cloud.kms.v1.CryptoKeyVersion.state]: crate::model::CryptoKeyVersion::state
    pub destroy_time: std::option::Option<wkt::Timestamp>,

    /// Output only. The time this CryptoKeyVersion's key material was
    /// destroyed. Only present if
    /// [state][google.cloud.kms.v1.CryptoKeyVersion.state] is
    /// [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED].
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED]: crate::model::crypto_key_version::CryptoKeyVersionState::Destroyed
    /// [google.cloud.kms.v1.CryptoKeyVersion.state]: crate::model::CryptoKeyVersion::state
    pub destroy_event_time: std::option::Option<wkt::Timestamp>,

    /// Output only. The name of the [ImportJob][google.cloud.kms.v1.ImportJob]
    /// used in the most recent import of this
    /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. Only present if
    /// the underlying key material was imported.
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    /// [google.cloud.kms.v1.ImportJob]: crate::model::ImportJob
    pub import_job: std::string::String,

    /// Output only. The time at which this
    /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s key material was
    /// most recently imported.
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    pub import_time: std::option::Option<wkt::Timestamp>,

    /// Output only. The root cause of the most recent import failure. Only present
    /// if [state][google.cloud.kms.v1.CryptoKeyVersion.state] is
    /// [IMPORT_FAILED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.IMPORT_FAILED].
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.IMPORT_FAILED]: crate::model::crypto_key_version::CryptoKeyVersionState::ImportFailed
    /// [google.cloud.kms.v1.CryptoKeyVersion.state]: crate::model::CryptoKeyVersion::state
    pub import_failure_reason: std::string::String,

    /// Output only. The root cause of the most recent generation failure. Only
    /// present if [state][google.cloud.kms.v1.CryptoKeyVersion.state] is
    /// [GENERATION_FAILED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.GENERATION_FAILED].
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.GENERATION_FAILED]: crate::model::crypto_key_version::CryptoKeyVersionState::GenerationFailed
    /// [google.cloud.kms.v1.CryptoKeyVersion.state]: crate::model::CryptoKeyVersion::state
    pub generation_failure_reason: std::string::String,

    /// Output only. The root cause of the most recent external destruction
    /// failure. Only present if
    /// [state][google.cloud.kms.v1.CryptoKeyVersion.state] is
    /// [EXTERNAL_DESTRUCTION_FAILED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.EXTERNAL_DESTRUCTION_FAILED].
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.EXTERNAL_DESTRUCTION_FAILED]: crate::model::crypto_key_version::CryptoKeyVersionState::ExternalDestructionFailed
    /// [google.cloud.kms.v1.CryptoKeyVersion.state]: crate::model::CryptoKeyVersion::state
    pub external_destruction_failure_reason: std::string::String,

    /// ExternalProtectionLevelOptions stores a group of additional fields for
    /// configuring a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] that
    /// are specific to the
    /// [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL] protection level
    /// and [EXTERNAL_VPC][google.cloud.kms.v1.ProtectionLevel.EXTERNAL_VPC]
    /// protection levels.
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    /// [google.cloud.kms.v1.ProtectionLevel.EXTERNAL]: crate::model::ProtectionLevel::External
    /// [google.cloud.kms.v1.ProtectionLevel.EXTERNAL_VPC]: crate::model::ProtectionLevel::ExternalVpc
    pub external_protection_level_options:
        std::option::Option<crate::model::ExternalProtectionLevelOptions>,

    /// Output only. Whether or not this key version is eligible for reimport, by
    /// being specified as a target in
    /// [ImportCryptoKeyVersionRequest.crypto_key_version][google.cloud.kms.v1.ImportCryptoKeyVersionRequest.crypto_key_version].
    ///
    /// [google.cloud.kms.v1.ImportCryptoKeyVersionRequest.crypto_key_version]: crate::model::ImportCryptoKeyVersionRequest::crypto_key_version
    pub reimport_eligible: bool,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl CryptoKeyVersion {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::CryptoKeyVersion::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }

    /// Sets the value of [state][crate::model::CryptoKeyVersion::state].
    pub fn set_state<
        T: std::convert::Into<crate::model::crypto_key_version::CryptoKeyVersionState>,
    >(
        mut self,
        v: T,
    ) -> Self {
        self.state = v.into();
        self
    }

    /// Sets the value of [protection_level][crate::model::CryptoKeyVersion::protection_level].
    pub fn set_protection_level<T: std::convert::Into<crate::model::ProtectionLevel>>(
        mut self,
        v: T,
    ) -> Self {
        self.protection_level = v.into();
        self
    }

    /// Sets the value of [algorithm][crate::model::CryptoKeyVersion::algorithm].
    pub fn set_algorithm<
        T: std::convert::Into<crate::model::crypto_key_version::CryptoKeyVersionAlgorithm>,
    >(
        mut self,
        v: T,
    ) -> Self {
        self.algorithm = v.into();
        self
    }

    /// Sets the value of [attestation][crate::model::CryptoKeyVersion::attestation].
    pub fn set_attestation<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::KeyOperationAttestation>,
    {
        self.attestation = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [attestation][crate::model::CryptoKeyVersion::attestation].
    pub fn set_or_clear_attestation<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::KeyOperationAttestation>,
    {
        self.attestation = v.map(|x| x.into());
        self
    }

    /// Sets the value of [create_time][crate::model::CryptoKeyVersion::create_time].
    pub fn set_create_time<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.create_time = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [create_time][crate::model::CryptoKeyVersion::create_time].
    pub fn set_or_clear_create_time<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.create_time = v.map(|x| x.into());
        self
    }

    /// Sets the value of [generate_time][crate::model::CryptoKeyVersion::generate_time].
    pub fn set_generate_time<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.generate_time = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [generate_time][crate::model::CryptoKeyVersion::generate_time].
    pub fn set_or_clear_generate_time<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.generate_time = v.map(|x| x.into());
        self
    }

    /// Sets the value of [destroy_time][crate::model::CryptoKeyVersion::destroy_time].
    pub fn set_destroy_time<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.destroy_time = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [destroy_time][crate::model::CryptoKeyVersion::destroy_time].
    pub fn set_or_clear_destroy_time<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.destroy_time = v.map(|x| x.into());
        self
    }

    /// Sets the value of [destroy_event_time][crate::model::CryptoKeyVersion::destroy_event_time].
    pub fn set_destroy_event_time<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.destroy_event_time = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [destroy_event_time][crate::model::CryptoKeyVersion::destroy_event_time].
    pub fn set_or_clear_destroy_event_time<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.destroy_event_time = v.map(|x| x.into());
        self
    }

    /// Sets the value of [import_job][crate::model::CryptoKeyVersion::import_job].
    pub fn set_import_job<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.import_job = v.into();
        self
    }

    /// Sets the value of [import_time][crate::model::CryptoKeyVersion::import_time].
    pub fn set_import_time<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.import_time = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [import_time][crate::model::CryptoKeyVersion::import_time].
    pub fn set_or_clear_import_time<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.import_time = v.map(|x| x.into());
        self
    }

    /// Sets the value of [import_failure_reason][crate::model::CryptoKeyVersion::import_failure_reason].
    pub fn set_import_failure_reason<T: std::convert::Into<std::string::String>>(
        mut self,
        v: T,
    ) -> Self {
        self.import_failure_reason = v.into();
        self
    }

    /// Sets the value of [generation_failure_reason][crate::model::CryptoKeyVersion::generation_failure_reason].
    pub fn set_generation_failure_reason<T: std::convert::Into<std::string::String>>(
        mut self,
        v: T,
    ) -> Self {
        self.generation_failure_reason = v.into();
        self
    }

    /// Sets the value of [external_destruction_failure_reason][crate::model::CryptoKeyVersion::external_destruction_failure_reason].
    pub fn set_external_destruction_failure_reason<T: std::convert::Into<std::string::String>>(
        mut self,
        v: T,
    ) -> Self {
        self.external_destruction_failure_reason = v.into();
        self
    }

    /// Sets the value of [external_protection_level_options][crate::model::CryptoKeyVersion::external_protection_level_options].
    pub fn set_external_protection_level_options<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::ExternalProtectionLevelOptions>,
    {
        self.external_protection_level_options = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [external_protection_level_options][crate::model::CryptoKeyVersion::external_protection_level_options].
    pub fn set_or_clear_external_protection_level_options<T>(
        mut self,
        v: std::option::Option<T>,
    ) -> Self
    where
        T: std::convert::Into<crate::model::ExternalProtectionLevelOptions>,
    {
        self.external_protection_level_options = v.map(|x| x.into());
        self
    }

    /// Sets the value of [reimport_eligible][crate::model::CryptoKeyVersion::reimport_eligible].
    pub fn set_reimport_eligible<T: std::convert::Into<bool>>(mut self, v: T) -> Self {
        self.reimport_eligible = v.into();
        self
    }
}

impl wkt::message::Message for CryptoKeyVersion {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.CryptoKeyVersion"
    }
}

/// Defines additional types related to [CryptoKeyVersion].
pub mod crypto_key_version {
    #[allow(unused_imports)]
    use super::*;

    /// The algorithm of the
    /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], indicating what
    /// parameters must be used for each cryptographic operation.
    ///
    /// The
    /// [GOOGLE_SYMMETRIC_ENCRYPTION][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION]
    /// algorithm is usable with
    /// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
    /// [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
    ///
    /// Algorithms beginning with `RSA_SIGN_` are usable with
    /// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
    /// [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN].
    ///
    /// The fields in the name after `RSA_SIGN_` correspond to the following
    /// parameters: padding algorithm, modulus bit length, and digest algorithm.
    ///
    /// For PSS, the salt length used is equal to the length of digest
    /// algorithm. For example,
    /// [RSA_SIGN_PSS_2048_SHA256][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256]
    /// will use PSS with a salt length of 256 bits or 32 bytes.
    ///
    /// Algorithms beginning with `RSA_DECRYPT_` are usable with
    /// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
    /// [ASYMMETRIC_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT].
    ///
    /// The fields in the name after `RSA_DECRYPT_` correspond to the following
    /// parameters: padding algorithm, modulus bit length, and digest algorithm.
    ///
    /// Algorithms beginning with `EC_SIGN_` are usable with
    /// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
    /// [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN].
    ///
    /// The fields in the name after `EC_SIGN_` correspond to the following
    /// parameters: elliptic curve, digest algorithm.
    ///
    /// Algorithms beginning with `HMAC_` are usable with
    /// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
    /// [MAC][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.MAC].
    ///
    /// The suffix following `HMAC_` corresponds to the hash algorithm being used
    /// (eg. SHA256).
    ///
    /// Algorithms beginning with `PQ_` are post-quantum.
    ///
    /// For more information, see [Key purposes and algorithms]
    /// (<https://cloud.google.com/kms/docs/algorithms>).
    ///
    /// [google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT]: crate::model::crypto_key::CryptoKeyPurpose::AsymmetricDecrypt
    /// [google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN]: crate::model::crypto_key::CryptoKeyPurpose::AsymmetricSign
    /// [google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]: crate::model::crypto_key::CryptoKeyPurpose::EncryptDecrypt
    /// [google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.MAC]: crate::model::crypto_key::CryptoKeyPurpose::Mac
    /// [google.cloud.kms.v1.CryptoKey.purpose]: crate::model::CryptoKey::purpose
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    /// [google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION]: crate::model::crypto_key_version::CryptoKeyVersionAlgorithm::GoogleSymmetricEncryption
    /// [google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256]: crate::model::crypto_key_version::CryptoKeyVersionAlgorithm::RsaSignPss2048Sha256
    ///
    /// # Working with unknown values
    ///
    /// This enum is defined as `#[non_exhaustive]` because Google Cloud may add
    /// additional enum variants at any time. Adding new variants is not considered
    /// a breaking change. Applications should write their code in anticipation of:
    ///
    /// - New values appearing in future releases of the client library, **and**
    /// - New values received dynamically, without application changes.
    ///
    /// Please consult the [Working with enums] section in the user guide for some
    /// guidelines.
    ///
    /// [Working with enums]: https://google-cloud-rust.github.io/working_with_enums.html
    #[derive(Clone, Debug, PartialEq)]
    #[non_exhaustive]
    pub enum CryptoKeyVersionAlgorithm {
        /// Not specified.
        Unspecified,
        /// Creates symmetric encryption keys.
        GoogleSymmetricEncryption,
        /// AES-GCM (Galois Counter Mode) using 128-bit keys.
        Aes128Gcm,
        /// AES-GCM (Galois Counter Mode) using 256-bit keys.
        Aes256Gcm,
        /// AES-CBC (Cipher Block Chaining Mode) using 128-bit keys.
        Aes128Cbc,
        /// AES-CBC (Cipher Block Chaining Mode) using 256-bit keys.
        Aes256Cbc,
        /// AES-CTR (Counter Mode) using 128-bit keys.
        Aes128Ctr,
        /// AES-CTR (Counter Mode) using 256-bit keys.
        Aes256Ctr,
        /// RSASSA-PSS 2048 bit key with a SHA256 digest.
        RsaSignPss2048Sha256,
        /// RSASSA-PSS 3072 bit key with a SHA256 digest.
        RsaSignPss3072Sha256,
        /// RSASSA-PSS 4096 bit key with a SHA256 digest.
        RsaSignPss4096Sha256,
        /// RSASSA-PSS 4096 bit key with a SHA512 digest.
        RsaSignPss4096Sha512,
        /// RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.
        RsaSignPkcs12048Sha256,
        /// RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.
        RsaSignPkcs13072Sha256,
        /// RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.
        RsaSignPkcs14096Sha256,
        /// RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.
        RsaSignPkcs14096Sha512,
        /// RSASSA-PKCS1-v1_5 signing without encoding, with a 2048 bit key.
        RsaSignRawPkcs12048,
        /// RSASSA-PKCS1-v1_5 signing without encoding, with a 3072 bit key.
        RsaSignRawPkcs13072,
        /// RSASSA-PKCS1-v1_5 signing without encoding, with a 4096 bit key.
        RsaSignRawPkcs14096,
        /// RSAES-OAEP 2048 bit key with a SHA256 digest.
        RsaDecryptOaep2048Sha256,
        /// RSAES-OAEP 3072 bit key with a SHA256 digest.
        RsaDecryptOaep3072Sha256,
        /// RSAES-OAEP 4096 bit key with a SHA256 digest.
        RsaDecryptOaep4096Sha256,
        /// RSAES-OAEP 4096 bit key with a SHA512 digest.
        RsaDecryptOaep4096Sha512,
        /// RSAES-OAEP 2048 bit key with a SHA1 digest.
        RsaDecryptOaep2048Sha1,
        /// RSAES-OAEP 3072 bit key with a SHA1 digest.
        RsaDecryptOaep3072Sha1,
        /// RSAES-OAEP 4096 bit key with a SHA1 digest.
        RsaDecryptOaep4096Sha1,
        /// ECDSA on the NIST P-256 curve with a SHA256 digest.
        /// Other hash functions can also be used:
        /// <https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms>
        EcSignP256Sha256,
        /// ECDSA on the NIST P-384 curve with a SHA384 digest.
        /// Other hash functions can also be used:
        /// <https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms>
        EcSignP384Sha384,
        /// ECDSA on the non-NIST secp256k1 curve. This curve is only supported for
        /// HSM protection level.
        /// Other hash functions can also be used:
        /// <https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms>
        EcSignSecp256K1Sha256,
        /// EdDSA on the Curve25519 in pure mode (taking data as input).
        EcSignEd25519,
        /// HMAC-SHA256 signing with a 256 bit key.
        HmacSha256,
        /// HMAC-SHA1 signing with a 160 bit key.
        HmacSha1,
        /// HMAC-SHA384 signing with a 384 bit key.
        HmacSha384,
        /// HMAC-SHA512 signing with a 512 bit key.
        HmacSha512,
        /// HMAC-SHA224 signing with a 224 bit key.
        HmacSha224,
        /// Algorithm representing symmetric encryption by an external key manager.
        ExternalSymmetricEncryption,
        /// ML-KEM-768 (FIPS 203)
        MlKem768,
        /// ML-KEM-1024 (FIPS 203)
        MlKem1024,
        /// X-Wing hybrid KEM combining ML-KEM-768 with X25519 following
        /// datatracker.ietf.org/doc/draft-connolly-cfrg-xwing-kem/.
        KemXwing,
        /// The post-quantum Module-Lattice-Based Digital Signature Algorithm, at
        /// security level 3. Randomized version.
        PqSignMlDsa65,
        /// The post-quantum stateless hash-based digital signature algorithm, at
        /// security level 1. Randomized version.
        PqSignSlhDsaSha2128S,
        /// If set, the enum was initialized with an unknown value.
        ///
        /// Applications can examine the value using [CryptoKeyVersionAlgorithm::value] or
        /// [CryptoKeyVersionAlgorithm::name].
        UnknownValue(crypto_key_version_algorithm::UnknownValue),
    }

    #[doc(hidden)]
    pub mod crypto_key_version_algorithm {
        #[allow(unused_imports)]
        use super::*;
        #[derive(Clone, Debug, PartialEq)]
        pub struct UnknownValue(pub(crate) wkt::internal::UnknownEnumValue);
    }

    impl CryptoKeyVersionAlgorithm {
        /// Gets the enum value.
        ///
        /// Returns `None` if the enum contains an unknown value deserialized from
        /// the string representation of enums.
        pub fn value(&self) -> std::option::Option<i32> {
            match self {
                Self::Unspecified => std::option::Option::Some(0),
                Self::GoogleSymmetricEncryption => std::option::Option::Some(1),
                Self::Aes128Gcm => std::option::Option::Some(41),
                Self::Aes256Gcm => std::option::Option::Some(19),
                Self::Aes128Cbc => std::option::Option::Some(42),
                Self::Aes256Cbc => std::option::Option::Some(43),
                Self::Aes128Ctr => std::option::Option::Some(44),
                Self::Aes256Ctr => std::option::Option::Some(45),
                Self::RsaSignPss2048Sha256 => std::option::Option::Some(2),
                Self::RsaSignPss3072Sha256 => std::option::Option::Some(3),
                Self::RsaSignPss4096Sha256 => std::option::Option::Some(4),
                Self::RsaSignPss4096Sha512 => std::option::Option::Some(15),
                Self::RsaSignPkcs12048Sha256 => std::option::Option::Some(5),
                Self::RsaSignPkcs13072Sha256 => std::option::Option::Some(6),
                Self::RsaSignPkcs14096Sha256 => std::option::Option::Some(7),
                Self::RsaSignPkcs14096Sha512 => std::option::Option::Some(16),
                Self::RsaSignRawPkcs12048 => std::option::Option::Some(28),
                Self::RsaSignRawPkcs13072 => std::option::Option::Some(29),
                Self::RsaSignRawPkcs14096 => std::option::Option::Some(30),
                Self::RsaDecryptOaep2048Sha256 => std::option::Option::Some(8),
                Self::RsaDecryptOaep3072Sha256 => std::option::Option::Some(9),
                Self::RsaDecryptOaep4096Sha256 => std::option::Option::Some(10),
                Self::RsaDecryptOaep4096Sha512 => std::option::Option::Some(17),
                Self::RsaDecryptOaep2048Sha1 => std::option::Option::Some(37),
                Self::RsaDecryptOaep3072Sha1 => std::option::Option::Some(38),
                Self::RsaDecryptOaep4096Sha1 => std::option::Option::Some(39),
                Self::EcSignP256Sha256 => std::option::Option::Some(12),
                Self::EcSignP384Sha384 => std::option::Option::Some(13),
                Self::EcSignSecp256K1Sha256 => std::option::Option::Some(31),
                Self::EcSignEd25519 => std::option::Option::Some(40),
                Self::HmacSha256 => std::option::Option::Some(32),
                Self::HmacSha1 => std::option::Option::Some(33),
                Self::HmacSha384 => std::option::Option::Some(34),
                Self::HmacSha512 => std::option::Option::Some(35),
                Self::HmacSha224 => std::option::Option::Some(36),
                Self::ExternalSymmetricEncryption => std::option::Option::Some(18),
                Self::MlKem768 => std::option::Option::Some(47),
                Self::MlKem1024 => std::option::Option::Some(48),
                Self::KemXwing => std::option::Option::Some(63),
                Self::PqSignMlDsa65 => std::option::Option::Some(56),
                Self::PqSignSlhDsaSha2128S => std::option::Option::Some(57),
                Self::UnknownValue(u) => u.0.value(),
            }
        }

        /// Gets the enum value as a string.
        ///
        /// Returns `None` if the enum contains an unknown value deserialized from
        /// the integer representation of enums.
        pub fn name(&self) -> std::option::Option<&str> {
            match self {
                Self::Unspecified => {
                    std::option::Option::Some("CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED")
                }
                Self::GoogleSymmetricEncryption => {
                    std::option::Option::Some("GOOGLE_SYMMETRIC_ENCRYPTION")
                }
                Self::Aes128Gcm => std::option::Option::Some("AES_128_GCM"),
                Self::Aes256Gcm => std::option::Option::Some("AES_256_GCM"),
                Self::Aes128Cbc => std::option::Option::Some("AES_128_CBC"),
                Self::Aes256Cbc => std::option::Option::Some("AES_256_CBC"),
                Self::Aes128Ctr => std::option::Option::Some("AES_128_CTR"),
                Self::Aes256Ctr => std::option::Option::Some("AES_256_CTR"),
                Self::RsaSignPss2048Sha256 => std::option::Option::Some("RSA_SIGN_PSS_2048_SHA256"),
                Self::RsaSignPss3072Sha256 => std::option::Option::Some("RSA_SIGN_PSS_3072_SHA256"),
                Self::RsaSignPss4096Sha256 => std::option::Option::Some("RSA_SIGN_PSS_4096_SHA256"),
                Self::RsaSignPss4096Sha512 => std::option::Option::Some("RSA_SIGN_PSS_4096_SHA512"),
                Self::RsaSignPkcs12048Sha256 => {
                    std::option::Option::Some("RSA_SIGN_PKCS1_2048_SHA256")
                }
                Self::RsaSignPkcs13072Sha256 => {
                    std::option::Option::Some("RSA_SIGN_PKCS1_3072_SHA256")
                }
                Self::RsaSignPkcs14096Sha256 => {
                    std::option::Option::Some("RSA_SIGN_PKCS1_4096_SHA256")
                }
                Self::RsaSignPkcs14096Sha512 => {
                    std::option::Option::Some("RSA_SIGN_PKCS1_4096_SHA512")
                }
                Self::RsaSignRawPkcs12048 => std::option::Option::Some("RSA_SIGN_RAW_PKCS1_2048"),
                Self::RsaSignRawPkcs13072 => std::option::Option::Some("RSA_SIGN_RAW_PKCS1_3072"),
                Self::RsaSignRawPkcs14096 => std::option::Option::Some("RSA_SIGN_RAW_PKCS1_4096"),
                Self::RsaDecryptOaep2048Sha256 => {
                    std::option::Option::Some("RSA_DECRYPT_OAEP_2048_SHA256")
                }
                Self::RsaDecryptOaep3072Sha256 => {
                    std::option::Option::Some("RSA_DECRYPT_OAEP_3072_SHA256")
                }
                Self::RsaDecryptOaep4096Sha256 => {
                    std::option::Option::Some("RSA_DECRYPT_OAEP_4096_SHA256")
                }
                Self::RsaDecryptOaep4096Sha512 => {
                    std::option::Option::Some("RSA_DECRYPT_OAEP_4096_SHA512")
                }
                Self::RsaDecryptOaep2048Sha1 => {
                    std::option::Option::Some("RSA_DECRYPT_OAEP_2048_SHA1")
                }
                Self::RsaDecryptOaep3072Sha1 => {
                    std::option::Option::Some("RSA_DECRYPT_OAEP_3072_SHA1")
                }
                Self::RsaDecryptOaep4096Sha1 => {
                    std::option::Option::Some("RSA_DECRYPT_OAEP_4096_SHA1")
                }
                Self::EcSignP256Sha256 => std::option::Option::Some("EC_SIGN_P256_SHA256"),
                Self::EcSignP384Sha384 => std::option::Option::Some("EC_SIGN_P384_SHA384"),
                Self::EcSignSecp256K1Sha256 => {
                    std::option::Option::Some("EC_SIGN_SECP256K1_SHA256")
                }
                Self::EcSignEd25519 => std::option::Option::Some("EC_SIGN_ED25519"),
                Self::HmacSha256 => std::option::Option::Some("HMAC_SHA256"),
                Self::HmacSha1 => std::option::Option::Some("HMAC_SHA1"),
                Self::HmacSha384 => std::option::Option::Some("HMAC_SHA384"),
                Self::HmacSha512 => std::option::Option::Some("HMAC_SHA512"),
                Self::HmacSha224 => std::option::Option::Some("HMAC_SHA224"),
                Self::ExternalSymmetricEncryption => {
                    std::option::Option::Some("EXTERNAL_SYMMETRIC_ENCRYPTION")
                }
                Self::MlKem768 => std::option::Option::Some("ML_KEM_768"),
                Self::MlKem1024 => std::option::Option::Some("ML_KEM_1024"),
                Self::KemXwing => std::option::Option::Some("KEM_XWING"),
                Self::PqSignMlDsa65 => std::option::Option::Some("PQ_SIGN_ML_DSA_65"),
                Self::PqSignSlhDsaSha2128S => {
                    std::option::Option::Some("PQ_SIGN_SLH_DSA_SHA2_128S")
                }
                Self::UnknownValue(u) => u.0.name(),
            }
        }
    }

    impl std::default::Default for CryptoKeyVersionAlgorithm {
        fn default() -> Self {
            use std::convert::From;
            Self::from(0)
        }
    }

    impl std::fmt::Display for CryptoKeyVersionAlgorithm {
        fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::result::Result<(), std::fmt::Error> {
            wkt::internal::display_enum(f, self.name(), self.value())
        }
    }

    impl std::convert::From<i32> for CryptoKeyVersionAlgorithm {
        fn from(value: i32) -> Self {
            match value {
                0 => Self::Unspecified,
                1 => Self::GoogleSymmetricEncryption,
                2 => Self::RsaSignPss2048Sha256,
                3 => Self::RsaSignPss3072Sha256,
                4 => Self::RsaSignPss4096Sha256,
                5 => Self::RsaSignPkcs12048Sha256,
                6 => Self::RsaSignPkcs13072Sha256,
                7 => Self::RsaSignPkcs14096Sha256,
                8 => Self::RsaDecryptOaep2048Sha256,
                9 => Self::RsaDecryptOaep3072Sha256,
                10 => Self::RsaDecryptOaep4096Sha256,
                12 => Self::EcSignP256Sha256,
                13 => Self::EcSignP384Sha384,
                15 => Self::RsaSignPss4096Sha512,
                16 => Self::RsaSignPkcs14096Sha512,
                17 => Self::RsaDecryptOaep4096Sha512,
                18 => Self::ExternalSymmetricEncryption,
                19 => Self::Aes256Gcm,
                28 => Self::RsaSignRawPkcs12048,
                29 => Self::RsaSignRawPkcs13072,
                30 => Self::RsaSignRawPkcs14096,
                31 => Self::EcSignSecp256K1Sha256,
                32 => Self::HmacSha256,
                33 => Self::HmacSha1,
                34 => Self::HmacSha384,
                35 => Self::HmacSha512,
                36 => Self::HmacSha224,
                37 => Self::RsaDecryptOaep2048Sha1,
                38 => Self::RsaDecryptOaep3072Sha1,
                39 => Self::RsaDecryptOaep4096Sha1,
                40 => Self::EcSignEd25519,
                41 => Self::Aes128Gcm,
                42 => Self::Aes128Cbc,
                43 => Self::Aes256Cbc,
                44 => Self::Aes128Ctr,
                45 => Self::Aes256Ctr,
                47 => Self::MlKem768,
                48 => Self::MlKem1024,
                56 => Self::PqSignMlDsa65,
                57 => Self::PqSignSlhDsaSha2128S,
                63 => Self::KemXwing,
                _ => Self::UnknownValue(crypto_key_version_algorithm::UnknownValue(
                    wkt::internal::UnknownEnumValue::Integer(value),
                )),
            }
        }
    }

    impl std::convert::From<&str> for CryptoKeyVersionAlgorithm {
        fn from(value: &str) -> Self {
            use std::string::ToString;
            match value {
                "CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED" => Self::Unspecified,
                "GOOGLE_SYMMETRIC_ENCRYPTION" => Self::GoogleSymmetricEncryption,
                "AES_128_GCM" => Self::Aes128Gcm,
                "AES_256_GCM" => Self::Aes256Gcm,
                "AES_128_CBC" => Self::Aes128Cbc,
                "AES_256_CBC" => Self::Aes256Cbc,
                "AES_128_CTR" => Self::Aes128Ctr,
                "AES_256_CTR" => Self::Aes256Ctr,
                "RSA_SIGN_PSS_2048_SHA256" => Self::RsaSignPss2048Sha256,
                "RSA_SIGN_PSS_3072_SHA256" => Self::RsaSignPss3072Sha256,
                "RSA_SIGN_PSS_4096_SHA256" => Self::RsaSignPss4096Sha256,
                "RSA_SIGN_PSS_4096_SHA512" => Self::RsaSignPss4096Sha512,
                "RSA_SIGN_PKCS1_2048_SHA256" => Self::RsaSignPkcs12048Sha256,
                "RSA_SIGN_PKCS1_3072_SHA256" => Self::RsaSignPkcs13072Sha256,
                "RSA_SIGN_PKCS1_4096_SHA256" => Self::RsaSignPkcs14096Sha256,
                "RSA_SIGN_PKCS1_4096_SHA512" => Self::RsaSignPkcs14096Sha512,
                "RSA_SIGN_RAW_PKCS1_2048" => Self::RsaSignRawPkcs12048,
                "RSA_SIGN_RAW_PKCS1_3072" => Self::RsaSignRawPkcs13072,
                "RSA_SIGN_RAW_PKCS1_4096" => Self::RsaSignRawPkcs14096,
                "RSA_DECRYPT_OAEP_2048_SHA256" => Self::RsaDecryptOaep2048Sha256,
                "RSA_DECRYPT_OAEP_3072_SHA256" => Self::RsaDecryptOaep3072Sha256,
                "RSA_DECRYPT_OAEP_4096_SHA256" => Self::RsaDecryptOaep4096Sha256,
                "RSA_DECRYPT_OAEP_4096_SHA512" => Self::RsaDecryptOaep4096Sha512,
                "RSA_DECRYPT_OAEP_2048_SHA1" => Self::RsaDecryptOaep2048Sha1,
                "RSA_DECRYPT_OAEP_3072_SHA1" => Self::RsaDecryptOaep3072Sha1,
                "RSA_DECRYPT_OAEP_4096_SHA1" => Self::RsaDecryptOaep4096Sha1,
                "EC_SIGN_P256_SHA256" => Self::EcSignP256Sha256,
                "EC_SIGN_P384_SHA384" => Self::EcSignP384Sha384,
                "EC_SIGN_SECP256K1_SHA256" => Self::EcSignSecp256K1Sha256,
                "EC_SIGN_ED25519" => Self::EcSignEd25519,
                "HMAC_SHA256" => Self::HmacSha256,
                "HMAC_SHA1" => Self::HmacSha1,
                "HMAC_SHA384" => Self::HmacSha384,
                "HMAC_SHA512" => Self::HmacSha512,
                "HMAC_SHA224" => Self::HmacSha224,
                "EXTERNAL_SYMMETRIC_ENCRYPTION" => Self::ExternalSymmetricEncryption,
                "ML_KEM_768" => Self::MlKem768,
                "ML_KEM_1024" => Self::MlKem1024,
                "KEM_XWING" => Self::KemXwing,
                "PQ_SIGN_ML_DSA_65" => Self::PqSignMlDsa65,
                "PQ_SIGN_SLH_DSA_SHA2_128S" => Self::PqSignSlhDsaSha2128S,
                _ => Self::UnknownValue(crypto_key_version_algorithm::UnknownValue(
                    wkt::internal::UnknownEnumValue::String(value.to_string()),
                )),
            }
        }
    }

    impl serde::ser::Serialize for CryptoKeyVersionAlgorithm {
        fn serialize<S>(&self, serializer: S) -> std::result::Result<S::Ok, S::Error>
        where
            S: serde::Serializer,
        {
            match self {
                Self::Unspecified => serializer.serialize_i32(0),
                Self::GoogleSymmetricEncryption => serializer.serialize_i32(1),
                Self::Aes128Gcm => serializer.serialize_i32(41),
                Self::Aes256Gcm => serializer.serialize_i32(19),
                Self::Aes128Cbc => serializer.serialize_i32(42),
                Self::Aes256Cbc => serializer.serialize_i32(43),
                Self::Aes128Ctr => serializer.serialize_i32(44),
                Self::Aes256Ctr => serializer.serialize_i32(45),
                Self::RsaSignPss2048Sha256 => serializer.serialize_i32(2),
                Self::RsaSignPss3072Sha256 => serializer.serialize_i32(3),
                Self::RsaSignPss4096Sha256 => serializer.serialize_i32(4),
                Self::RsaSignPss4096Sha512 => serializer.serialize_i32(15),
                Self::RsaSignPkcs12048Sha256 => serializer.serialize_i32(5),
                Self::RsaSignPkcs13072Sha256 => serializer.serialize_i32(6),
                Self::RsaSignPkcs14096Sha256 => serializer.serialize_i32(7),
                Self::RsaSignPkcs14096Sha512 => serializer.serialize_i32(16),
                Self::RsaSignRawPkcs12048 => serializer.serialize_i32(28),
                Self::RsaSignRawPkcs13072 => serializer.serialize_i32(29),
                Self::RsaSignRawPkcs14096 => serializer.serialize_i32(30),
                Self::RsaDecryptOaep2048Sha256 => serializer.serialize_i32(8),
                Self::RsaDecryptOaep3072Sha256 => serializer.serialize_i32(9),
                Self::RsaDecryptOaep4096Sha256 => serializer.serialize_i32(10),
                Self::RsaDecryptOaep4096Sha512 => serializer.serialize_i32(17),
                Self::RsaDecryptOaep2048Sha1 => serializer.serialize_i32(37),
                Self::RsaDecryptOaep3072Sha1 => serializer.serialize_i32(38),
                Self::RsaDecryptOaep4096Sha1 => serializer.serialize_i32(39),
                Self::EcSignP256Sha256 => serializer.serialize_i32(12),
                Self::EcSignP384Sha384 => serializer.serialize_i32(13),
                Self::EcSignSecp256K1Sha256 => serializer.serialize_i32(31),
                Self::EcSignEd25519 => serializer.serialize_i32(40),
                Self::HmacSha256 => serializer.serialize_i32(32),
                Self::HmacSha1 => serializer.serialize_i32(33),
                Self::HmacSha384 => serializer.serialize_i32(34),
                Self::HmacSha512 => serializer.serialize_i32(35),
                Self::HmacSha224 => serializer.serialize_i32(36),
                Self::ExternalSymmetricEncryption => serializer.serialize_i32(18),
                Self::MlKem768 => serializer.serialize_i32(47),
                Self::MlKem1024 => serializer.serialize_i32(48),
                Self::KemXwing => serializer.serialize_i32(63),
                Self::PqSignMlDsa65 => serializer.serialize_i32(56),
                Self::PqSignSlhDsaSha2128S => serializer.serialize_i32(57),
                Self::UnknownValue(u) => u.0.serialize(serializer),
            }
        }
    }

    impl<'de> serde::de::Deserialize<'de> for CryptoKeyVersionAlgorithm {
        fn deserialize<D>(deserializer: D) -> std::result::Result<Self, D::Error>
        where
            D: serde::Deserializer<'de>,
        {
            deserializer.deserialize_any(
                wkt::internal::EnumVisitor::<CryptoKeyVersionAlgorithm>::new(
                    ".google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm",
                ),
            )
        }
    }

    /// The state of a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion],
    /// indicating if it can be used.
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    ///
    /// # Working with unknown values
    ///
    /// This enum is defined as `#[non_exhaustive]` because Google Cloud may add
    /// additional enum variants at any time. Adding new variants is not considered
    /// a breaking change. Applications should write their code in anticipation of:
    ///
    /// - New values appearing in future releases of the client library, **and**
    /// - New values received dynamically, without application changes.
    ///
    /// Please consult the [Working with enums] section in the user guide for some
    /// guidelines.
    ///
    /// [Working with enums]: https://google-cloud-rust.github.io/working_with_enums.html
    #[derive(Clone, Debug, PartialEq)]
    #[non_exhaustive]
    pub enum CryptoKeyVersionState {
        /// Not specified.
        Unspecified,
        /// This version is still being generated. It may not be used, enabled,
        /// disabled, or destroyed yet. Cloud KMS will automatically mark this
        /// version
        /// [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]
        /// as soon as the version is ready.
        ///
        /// [google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]: crate::model::crypto_key_version::CryptoKeyVersionState::Enabled
        PendingGeneration,
        /// This version may be used for cryptographic operations.
        Enabled,
        /// This version may not be used, but the key material is still available,
        /// and the version can be placed back into the
        /// [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]
        /// state.
        ///
        /// [google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]: crate::model::crypto_key_version::CryptoKeyVersionState::Enabled
        Disabled,
        /// The key material of this version is destroyed and no longer stored.
        /// This version may only become
        /// [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]
        /// again if this version is
        /// [reimport_eligible][google.cloud.kms.v1.CryptoKeyVersion.reimport_eligible]
        /// and the original key material is reimported with a call to
        /// [KeyManagementService.ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion].
        ///
        /// [google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]: crate::model::crypto_key_version::CryptoKeyVersionState::Enabled
        /// [google.cloud.kms.v1.CryptoKeyVersion.reimport_eligible]: crate::model::CryptoKeyVersion::reimport_eligible
        /// [google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion]: crate::client::KeyManagementService::import_crypto_key_version
        Destroyed,
        /// This version is scheduled for destruction, and will be destroyed soon.
        /// Call
        /// [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]
        /// to put it back into the
        /// [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED]
        /// state.
        ///
        /// [google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED]: crate::model::crypto_key_version::CryptoKeyVersionState::Disabled
        /// [google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]: crate::client::KeyManagementService::restore_crypto_key_version
        DestroyScheduled,
        /// This version is still being imported. It may not be used, enabled,
        /// disabled, or destroyed yet. Cloud KMS will automatically mark this
        /// version
        /// [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]
        /// as soon as the version is ready.
        ///
        /// [google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]: crate::model::crypto_key_version::CryptoKeyVersionState::Enabled
        PendingImport,
        /// This version was not imported successfully. It may not be used, enabled,
        /// disabled, or destroyed. The submitted key material has been discarded.
        /// Additional details can be found in
        /// [CryptoKeyVersion.import_failure_reason][google.cloud.kms.v1.CryptoKeyVersion.import_failure_reason].
        ///
        /// [google.cloud.kms.v1.CryptoKeyVersion.import_failure_reason]: crate::model::CryptoKeyVersion::import_failure_reason
        ImportFailed,
        /// This version was not generated successfully. It may not be used, enabled,
        /// disabled, or destroyed. Additional details can be found in
        /// [CryptoKeyVersion.generation_failure_reason][google.cloud.kms.v1.CryptoKeyVersion.generation_failure_reason].
        ///
        /// [google.cloud.kms.v1.CryptoKeyVersion.generation_failure_reason]: crate::model::CryptoKeyVersion::generation_failure_reason
        GenerationFailed,
        /// This version was destroyed, and it may not be used or enabled again.
        /// Cloud KMS is waiting for the corresponding key material residing in an
        /// external key manager to be destroyed.
        PendingExternalDestruction,
        /// This version was destroyed, and it may not be used or enabled again.
        /// However, Cloud KMS could not confirm that the corresponding key material
        /// residing in an external key manager was destroyed. Additional details can
        /// be found in
        /// [CryptoKeyVersion.external_destruction_failure_reason][google.cloud.kms.v1.CryptoKeyVersion.external_destruction_failure_reason].
        ///
        /// [google.cloud.kms.v1.CryptoKeyVersion.external_destruction_failure_reason]: crate::model::CryptoKeyVersion::external_destruction_failure_reason
        ExternalDestructionFailed,
        /// If set, the enum was initialized with an unknown value.
        ///
        /// Applications can examine the value using [CryptoKeyVersionState::value] or
        /// [CryptoKeyVersionState::name].
        UnknownValue(crypto_key_version_state::UnknownValue),
    }

    #[doc(hidden)]
    pub mod crypto_key_version_state {
        #[allow(unused_imports)]
        use super::*;
        #[derive(Clone, Debug, PartialEq)]
        pub struct UnknownValue(pub(crate) wkt::internal::UnknownEnumValue);
    }

    impl CryptoKeyVersionState {
        /// Gets the enum value.
        ///
        /// Returns `None` if the enum contains an unknown value deserialized from
        /// the string representation of enums.
        pub fn value(&self) -> std::option::Option<i32> {
            match self {
                Self::Unspecified => std::option::Option::Some(0),
                Self::PendingGeneration => std::option::Option::Some(5),
                Self::Enabled => std::option::Option::Some(1),
                Self::Disabled => std::option::Option::Some(2),
                Self::Destroyed => std::option::Option::Some(3),
                Self::DestroyScheduled => std::option::Option::Some(4),
                Self::PendingImport => std::option::Option::Some(6),
                Self::ImportFailed => std::option::Option::Some(7),
                Self::GenerationFailed => std::option::Option::Some(8),
                Self::PendingExternalDestruction => std::option::Option::Some(9),
                Self::ExternalDestructionFailed => std::option::Option::Some(10),
                Self::UnknownValue(u) => u.0.value(),
            }
        }

        /// Gets the enum value as a string.
        ///
        /// Returns `None` if the enum contains an unknown value deserialized from
        /// the integer representation of enums.
        pub fn name(&self) -> std::option::Option<&str> {
            match self {
                Self::Unspecified => {
                    std::option::Option::Some("CRYPTO_KEY_VERSION_STATE_UNSPECIFIED")
                }
                Self::PendingGeneration => std::option::Option::Some("PENDING_GENERATION"),
                Self::Enabled => std::option::Option::Some("ENABLED"),
                Self::Disabled => std::option::Option::Some("DISABLED"),
                Self::Destroyed => std::option::Option::Some("DESTROYED"),
                Self::DestroyScheduled => std::option::Option::Some("DESTROY_SCHEDULED"),
                Self::PendingImport => std::option::Option::Some("PENDING_IMPORT"),
                Self::ImportFailed => std::option::Option::Some("IMPORT_FAILED"),
                Self::GenerationFailed => std::option::Option::Some("GENERATION_FAILED"),
                Self::PendingExternalDestruction => {
                    std::option::Option::Some("PENDING_EXTERNAL_DESTRUCTION")
                }
                Self::ExternalDestructionFailed => {
                    std::option::Option::Some("EXTERNAL_DESTRUCTION_FAILED")
                }
                Self::UnknownValue(u) => u.0.name(),
            }
        }
    }

    impl std::default::Default for CryptoKeyVersionState {
        fn default() -> Self {
            use std::convert::From;
            Self::from(0)
        }
    }

    impl std::fmt::Display for CryptoKeyVersionState {
        fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::result::Result<(), std::fmt::Error> {
            wkt::internal::display_enum(f, self.name(), self.value())
        }
    }

    impl std::convert::From<i32> for CryptoKeyVersionState {
        fn from(value: i32) -> Self {
            match value {
                0 => Self::Unspecified,
                1 => Self::Enabled,
                2 => Self::Disabled,
                3 => Self::Destroyed,
                4 => Self::DestroyScheduled,
                5 => Self::PendingGeneration,
                6 => Self::PendingImport,
                7 => Self::ImportFailed,
                8 => Self::GenerationFailed,
                9 => Self::PendingExternalDestruction,
                10 => Self::ExternalDestructionFailed,
                _ => Self::UnknownValue(crypto_key_version_state::UnknownValue(
                    wkt::internal::UnknownEnumValue::Integer(value),
                )),
            }
        }
    }

    impl std::convert::From<&str> for CryptoKeyVersionState {
        fn from(value: &str) -> Self {
            use std::string::ToString;
            match value {
                "CRYPTO_KEY_VERSION_STATE_UNSPECIFIED" => Self::Unspecified,
                "PENDING_GENERATION" => Self::PendingGeneration,
                "ENABLED" => Self::Enabled,
                "DISABLED" => Self::Disabled,
                "DESTROYED" => Self::Destroyed,
                "DESTROY_SCHEDULED" => Self::DestroyScheduled,
                "PENDING_IMPORT" => Self::PendingImport,
                "IMPORT_FAILED" => Self::ImportFailed,
                "GENERATION_FAILED" => Self::GenerationFailed,
                "PENDING_EXTERNAL_DESTRUCTION" => Self::PendingExternalDestruction,
                "EXTERNAL_DESTRUCTION_FAILED" => Self::ExternalDestructionFailed,
                _ => Self::UnknownValue(crypto_key_version_state::UnknownValue(
                    wkt::internal::UnknownEnumValue::String(value.to_string()),
                )),
            }
        }
    }

    impl serde::ser::Serialize for CryptoKeyVersionState {
        fn serialize<S>(&self, serializer: S) -> std::result::Result<S::Ok, S::Error>
        where
            S: serde::Serializer,
        {
            match self {
                Self::Unspecified => serializer.serialize_i32(0),
                Self::PendingGeneration => serializer.serialize_i32(5),
                Self::Enabled => serializer.serialize_i32(1),
                Self::Disabled => serializer.serialize_i32(2),
                Self::Destroyed => serializer.serialize_i32(3),
                Self::DestroyScheduled => serializer.serialize_i32(4),
                Self::PendingImport => serializer.serialize_i32(6),
                Self::ImportFailed => serializer.serialize_i32(7),
                Self::GenerationFailed => serializer.serialize_i32(8),
                Self::PendingExternalDestruction => serializer.serialize_i32(9),
                Self::ExternalDestructionFailed => serializer.serialize_i32(10),
                Self::UnknownValue(u) => u.0.serialize(serializer),
            }
        }
    }

    impl<'de> serde::de::Deserialize<'de> for CryptoKeyVersionState {
        fn deserialize<D>(deserializer: D) -> std::result::Result<Self, D::Error>
        where
            D: serde::Deserializer<'de>,
        {
            deserializer.deserialize_any(wkt::internal::EnumVisitor::<CryptoKeyVersionState>::new(
                ".google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState",
            ))
        }
    }

    /// A view for [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]s.
    /// Controls the level of detail returned for
    /// [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] in
    /// [KeyManagementService.ListCryptoKeyVersions][google.cloud.kms.v1.KeyManagementService.ListCryptoKeyVersions]
    /// and
    /// [KeyManagementService.ListCryptoKeys][google.cloud.kms.v1.KeyManagementService.ListCryptoKeys].
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    /// [google.cloud.kms.v1.KeyManagementService.ListCryptoKeyVersions]: crate::client::KeyManagementService::list_crypto_key_versions
    /// [google.cloud.kms.v1.KeyManagementService.ListCryptoKeys]: crate::client::KeyManagementService::list_crypto_keys
    ///
    /// # Working with unknown values
    ///
    /// This enum is defined as `#[non_exhaustive]` because Google Cloud may add
    /// additional enum variants at any time. Adding new variants is not considered
    /// a breaking change. Applications should write their code in anticipation of:
    ///
    /// - New values appearing in future releases of the client library, **and**
    /// - New values received dynamically, without application changes.
    ///
    /// Please consult the [Working with enums] section in the user guide for some
    /// guidelines.
    ///
    /// [Working with enums]: https://google-cloud-rust.github.io/working_with_enums.html
    #[derive(Clone, Debug, PartialEq)]
    #[non_exhaustive]
    pub enum CryptoKeyVersionView {
        /// Default view for each
        /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. Does not
        /// include the
        /// [attestation][google.cloud.kms.v1.CryptoKeyVersion.attestation] field.
        ///
        /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
        /// [google.cloud.kms.v1.CryptoKeyVersion.attestation]: crate::model::CryptoKeyVersion::attestation
        Unspecified,
        /// Provides all fields in each
        /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], including the
        /// [attestation][google.cloud.kms.v1.CryptoKeyVersion.attestation].
        ///
        /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
        /// [google.cloud.kms.v1.CryptoKeyVersion.attestation]: crate::model::CryptoKeyVersion::attestation
        Full,
        /// If set, the enum was initialized with an unknown value.
        ///
        /// Applications can examine the value using [CryptoKeyVersionView::value] or
        /// [CryptoKeyVersionView::name].
        UnknownValue(crypto_key_version_view::UnknownValue),
    }

    #[doc(hidden)]
    pub mod crypto_key_version_view {
        #[allow(unused_imports)]
        use super::*;
        #[derive(Clone, Debug, PartialEq)]
        pub struct UnknownValue(pub(crate) wkt::internal::UnknownEnumValue);
    }

    impl CryptoKeyVersionView {
        /// Gets the enum value.
        ///
        /// Returns `None` if the enum contains an unknown value deserialized from
        /// the string representation of enums.
        pub fn value(&self) -> std::option::Option<i32> {
            match self {
                Self::Unspecified => std::option::Option::Some(0),
                Self::Full => std::option::Option::Some(1),
                Self::UnknownValue(u) => u.0.value(),
            }
        }

        /// Gets the enum value as a string.
        ///
        /// Returns `None` if the enum contains an unknown value deserialized from
        /// the integer representation of enums.
        pub fn name(&self) -> std::option::Option<&str> {
            match self {
                Self::Unspecified => {
                    std::option::Option::Some("CRYPTO_KEY_VERSION_VIEW_UNSPECIFIED")
                }
                Self::Full => std::option::Option::Some("FULL"),
                Self::UnknownValue(u) => u.0.name(),
            }
        }
    }

    impl std::default::Default for CryptoKeyVersionView {
        fn default() -> Self {
            use std::convert::From;
            Self::from(0)
        }
    }

    impl std::fmt::Display for CryptoKeyVersionView {
        fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::result::Result<(), std::fmt::Error> {
            wkt::internal::display_enum(f, self.name(), self.value())
        }
    }

    impl std::convert::From<i32> for CryptoKeyVersionView {
        fn from(value: i32) -> Self {
            match value {
                0 => Self::Unspecified,
                1 => Self::Full,
                _ => Self::UnknownValue(crypto_key_version_view::UnknownValue(
                    wkt::internal::UnknownEnumValue::Integer(value),
                )),
            }
        }
    }

    impl std::convert::From<&str> for CryptoKeyVersionView {
        fn from(value: &str) -> Self {
            use std::string::ToString;
            match value {
                "CRYPTO_KEY_VERSION_VIEW_UNSPECIFIED" => Self::Unspecified,
                "FULL" => Self::Full,
                _ => Self::UnknownValue(crypto_key_version_view::UnknownValue(
                    wkt::internal::UnknownEnumValue::String(value.to_string()),
                )),
            }
        }
    }

    impl serde::ser::Serialize for CryptoKeyVersionView {
        fn serialize<S>(&self, serializer: S) -> std::result::Result<S::Ok, S::Error>
        where
            S: serde::Serializer,
        {
            match self {
                Self::Unspecified => serializer.serialize_i32(0),
                Self::Full => serializer.serialize_i32(1),
                Self::UnknownValue(u) => u.0.serialize(serializer),
            }
        }
    }

    impl<'de> serde::de::Deserialize<'de> for CryptoKeyVersionView {
        fn deserialize<D>(deserializer: D) -> std::result::Result<Self, D::Error>
        where
            D: serde::Deserializer<'de>,
        {
            deserializer.deserialize_any(wkt::internal::EnumVisitor::<CryptoKeyVersionView>::new(
                ".google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionView",
            ))
        }
    }
}

/// Data with integrity verification field.
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct ChecksummedData {
    /// Raw Data.
    pub data: ::bytes::Bytes,

    /// Integrity verification field. A CRC32C
    /// checksum of the returned
    /// [ChecksummedData.data][google.cloud.kms.v1.ChecksummedData.data]. An
    /// integrity check of
    /// [ChecksummedData.data][google.cloud.kms.v1.ChecksummedData.data] can be
    /// performed by computing the CRC32C checksum of
    /// [ChecksummedData.data][google.cloud.kms.v1.ChecksummedData.data] and
    /// comparing your results to this field. Discard the response in case of
    /// non-matching checksum values, and perform a limited number of retries. A
    /// persistent mismatch may indicate an issue in your computation of the CRC32C
    /// checksum. Note: This field is defined as int64 for reasons of compatibility
    /// across different languages. However, it is a non-negative integer, which
    /// will never exceed `2^32-1`, and can be safely downconverted to uint32 in
    /// languages that support this type.
    ///
    /// [google.cloud.kms.v1.ChecksummedData.data]: crate::model::ChecksummedData::data
    pub crc32c_checksum: std::option::Option<wkt::Int64Value>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl ChecksummedData {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [data][crate::model::ChecksummedData::data].
    pub fn set_data<T: std::convert::Into<::bytes::Bytes>>(mut self, v: T) -> Self {
        self.data = v.into();
        self
    }

    /// Sets the value of [crc32c_checksum][crate::model::ChecksummedData::crc32c_checksum].
    pub fn set_crc32c_checksum<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Int64Value>,
    {
        self.crc32c_checksum = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [crc32c_checksum][crate::model::ChecksummedData::crc32c_checksum].
    pub fn set_or_clear_crc32c_checksum<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::Int64Value>,
    {
        self.crc32c_checksum = v.map(|x| x.into());
        self
    }
}

impl wkt::message::Message for ChecksummedData {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.ChecksummedData"
    }
}

/// The public keys for a given
/// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. Obtained via
/// [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
///
/// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
/// [google.cloud.kms.v1.KeyManagementService.GetPublicKey]: crate::client::KeyManagementService::get_public_key
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct PublicKey {
    /// The public key, encoded in PEM format. For more information, see the
    /// [RFC 7468](https://tools.ietf.org/html/rfc7468) sections for
    /// [General Considerations](https://tools.ietf.org/html/rfc7468#section-2) and
    /// [Textual Encoding of Subject Public Key Info]
    /// (<https://tools.ietf.org/html/rfc7468#section-13>).
    pub pem: std::string::String,

    /// The
    /// [Algorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm]
    /// associated with this key.
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm]: crate::model::crypto_key_version::CryptoKeyVersionAlgorithm
    pub algorithm: crate::model::crypto_key_version::CryptoKeyVersionAlgorithm,

    /// Integrity verification field. A CRC32C checksum of the returned
    /// [PublicKey.pem][google.cloud.kms.v1.PublicKey.pem]. An integrity check of
    /// [PublicKey.pem][google.cloud.kms.v1.PublicKey.pem] can be performed by
    /// computing the CRC32C checksum of
    /// [PublicKey.pem][google.cloud.kms.v1.PublicKey.pem] and comparing your
    /// results to this field. Discard the response in case of non-matching
    /// checksum values, and perform a limited number of retries. A persistent
    /// mismatch may indicate an issue in your computation of the CRC32C checksum.
    /// Note: This field is defined as int64 for reasons of compatibility across
    /// different languages. However, it is a non-negative integer, which will
    /// never exceed `2^32-1`, and can be safely downconverted to uint32 in
    /// languages that support this type.
    ///
    /// NOTE: This field is in Beta.
    ///
    /// [google.cloud.kms.v1.PublicKey.pem]: crate::model::PublicKey::pem
    pub pem_crc32c: std::option::Option<wkt::Int64Value>,

    /// The [name][google.cloud.kms.v1.CryptoKeyVersion.name] of the
    /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] public key.
    /// Provided here for verification.
    ///
    /// NOTE: This field is in Beta.
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    /// [google.cloud.kms.v1.CryptoKeyVersion.name]: crate::model::CryptoKeyVersion::name
    pub name: std::string::String,

    /// The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of the
    /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] public key.
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    /// [google.cloud.kms.v1.ProtectionLevel]: crate::model::ProtectionLevel
    pub protection_level: crate::model::ProtectionLevel,

    /// The [PublicKey][google.cloud.kms.v1.PublicKey] format specified by the
    /// customer through the
    /// [public_key_format][google.cloud.kms.v1.GetPublicKeyRequest.public_key_format]
    /// field.
    ///
    /// [google.cloud.kms.v1.GetPublicKeyRequest.public_key_format]: crate::model::GetPublicKeyRequest::public_key_format
    /// [google.cloud.kms.v1.PublicKey]: crate::model::PublicKey
    pub public_key_format: crate::model::public_key::PublicKeyFormat,

    /// This field contains the public key (with integrity verification), formatted
    /// according to the
    /// [public_key_format][google.cloud.kms.v1.PublicKey.public_key_format] field.
    ///
    /// [google.cloud.kms.v1.PublicKey.public_key_format]: crate::model::PublicKey::public_key_format
    pub public_key: std::option::Option<crate::model::ChecksummedData>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl PublicKey {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [pem][crate::model::PublicKey::pem].
    pub fn set_pem<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.pem = v.into();
        self
    }

    /// Sets the value of [algorithm][crate::model::PublicKey::algorithm].
    pub fn set_algorithm<
        T: std::convert::Into<crate::model::crypto_key_version::CryptoKeyVersionAlgorithm>,
    >(
        mut self,
        v: T,
    ) -> Self {
        self.algorithm = v.into();
        self
    }

    /// Sets the value of [pem_crc32c][crate::model::PublicKey::pem_crc32c].
    pub fn set_pem_crc32c<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Int64Value>,
    {
        self.pem_crc32c = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [pem_crc32c][crate::model::PublicKey::pem_crc32c].
    pub fn set_or_clear_pem_crc32c<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::Int64Value>,
    {
        self.pem_crc32c = v.map(|x| x.into());
        self
    }

    /// Sets the value of [name][crate::model::PublicKey::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }

    /// Sets the value of [protection_level][crate::model::PublicKey::protection_level].
    pub fn set_protection_level<T: std::convert::Into<crate::model::ProtectionLevel>>(
        mut self,
        v: T,
    ) -> Self {
        self.protection_level = v.into();
        self
    }

    /// Sets the value of [public_key_format][crate::model::PublicKey::public_key_format].
    pub fn set_public_key_format<
        T: std::convert::Into<crate::model::public_key::PublicKeyFormat>,
    >(
        mut self,
        v: T,
    ) -> Self {
        self.public_key_format = v.into();
        self
    }

    /// Sets the value of [public_key][crate::model::PublicKey::public_key].
    pub fn set_public_key<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::ChecksummedData>,
    {
        self.public_key = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [public_key][crate::model::PublicKey::public_key].
    pub fn set_or_clear_public_key<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::ChecksummedData>,
    {
        self.public_key = v.map(|x| x.into());
        self
    }
}

impl wkt::message::Message for PublicKey {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.PublicKey"
    }
}

/// Defines additional types related to [PublicKey].
pub mod public_key {
    #[allow(unused_imports)]
    use super::*;

    /// The supported [PublicKey][google.cloud.kms.v1.PublicKey] formats.
    ///
    /// [google.cloud.kms.v1.PublicKey]: crate::model::PublicKey
    ///
    /// # Working with unknown values
    ///
    /// This enum is defined as `#[non_exhaustive]` because Google Cloud may add
    /// additional enum variants at any time. Adding new variants is not considered
    /// a breaking change. Applications should write their code in anticipation of:
    ///
    /// - New values appearing in future releases of the client library, **and**
    /// - New values received dynamically, without application changes.
    ///
    /// Please consult the [Working with enums] section in the user guide for some
    /// guidelines.
    ///
    /// [Working with enums]: https://google-cloud-rust.github.io/working_with_enums.html
    #[derive(Clone, Debug, PartialEq)]
    #[non_exhaustive]
    pub enum PublicKeyFormat {
        /// If the
        /// [public_key_format][google.cloud.kms.v1.GetPublicKeyRequest.public_key_format]
        /// field is not specified:
        ///
        /// - For PQC algorithms, an error will be returned.
        /// - For non-PQC algorithms, the default format is PEM, and the field
        ///   [pem][google.cloud.kms.v1.PublicKey.pem] will be populated.
        ///
        /// Otherwise, the public key will be exported through the
        /// [public_key][google.cloud.kms.v1.PublicKey.public_key] field in the
        /// requested format.
        ///
        /// [google.cloud.kms.v1.GetPublicKeyRequest.public_key_format]: crate::model::GetPublicKeyRequest::public_key_format
        /// [google.cloud.kms.v1.PublicKey.pem]: crate::model::PublicKey::pem
        /// [google.cloud.kms.v1.PublicKey.public_key]: crate::model::PublicKey::public_key
        Unspecified,
        /// The returned public key will be encoded in PEM format.
        /// See the [RFC7468](https://tools.ietf.org/html/rfc7468) sections for
        /// [General Considerations](https://tools.ietf.org/html/rfc7468#section-2)
        /// and [Textual Encoding of Subject Public Key Info]
        /// (<https://tools.ietf.org/html/rfc7468#section-13>) for more information.
        Pem,
        /// The returned public key will be encoded in DER format (the
        /// PrivateKeyInfo structure from RFC 5208).
        Der,
        /// This is supported only for PQC algorithms.
        /// The key material is returned in the format defined by NIST PQC
        /// standards (FIPS 203, FIPS 204, and FIPS 205).
        NistPqc,
        /// The returned public key is in raw bytes format defined in its standard
        /// <https://datatracker.ietf.org/doc/draft-connolly-cfrg-xwing-kem>.
        XwingRawBytes,
        /// If set, the enum was initialized with an unknown value.
        ///
        /// Applications can examine the value using [PublicKeyFormat::value] or
        /// [PublicKeyFormat::name].
        UnknownValue(public_key_format::UnknownValue),
    }

    #[doc(hidden)]
    pub mod public_key_format {
        #[allow(unused_imports)]
        use super::*;
        #[derive(Clone, Debug, PartialEq)]
        pub struct UnknownValue(pub(crate) wkt::internal::UnknownEnumValue);
    }

    impl PublicKeyFormat {
        /// Gets the enum value.
        ///
        /// Returns `None` if the enum contains an unknown value deserialized from
        /// the string representation of enums.
        pub fn value(&self) -> std::option::Option<i32> {
            match self {
                Self::Unspecified => std::option::Option::Some(0),
                Self::Pem => std::option::Option::Some(1),
                Self::Der => std::option::Option::Some(2),
                Self::NistPqc => std::option::Option::Some(3),
                Self::XwingRawBytes => std::option::Option::Some(4),
                Self::UnknownValue(u) => u.0.value(),
            }
        }

        /// Gets the enum value as a string.
        ///
        /// Returns `None` if the enum contains an unknown value deserialized from
        /// the integer representation of enums.
        pub fn name(&self) -> std::option::Option<&str> {
            match self {
                Self::Unspecified => std::option::Option::Some("PUBLIC_KEY_FORMAT_UNSPECIFIED"),
                Self::Pem => std::option::Option::Some("PEM"),
                Self::Der => std::option::Option::Some("DER"),
                Self::NistPqc => std::option::Option::Some("NIST_PQC"),
                Self::XwingRawBytes => std::option::Option::Some("XWING_RAW_BYTES"),
                Self::UnknownValue(u) => u.0.name(),
            }
        }
    }

    impl std::default::Default for PublicKeyFormat {
        fn default() -> Self {
            use std::convert::From;
            Self::from(0)
        }
    }

    impl std::fmt::Display for PublicKeyFormat {
        fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::result::Result<(), std::fmt::Error> {
            wkt::internal::display_enum(f, self.name(), self.value())
        }
    }

    impl std::convert::From<i32> for PublicKeyFormat {
        fn from(value: i32) -> Self {
            match value {
                0 => Self::Unspecified,
                1 => Self::Pem,
                2 => Self::Der,
                3 => Self::NistPqc,
                4 => Self::XwingRawBytes,
                _ => Self::UnknownValue(public_key_format::UnknownValue(
                    wkt::internal::UnknownEnumValue::Integer(value),
                )),
            }
        }
    }

    impl std::convert::From<&str> for PublicKeyFormat {
        fn from(value: &str) -> Self {
            use std::string::ToString;
            match value {
                "PUBLIC_KEY_FORMAT_UNSPECIFIED" => Self::Unspecified,
                "PEM" => Self::Pem,
                "DER" => Self::Der,
                "NIST_PQC" => Self::NistPqc,
                "XWING_RAW_BYTES" => Self::XwingRawBytes,
                _ => Self::UnknownValue(public_key_format::UnknownValue(
                    wkt::internal::UnknownEnumValue::String(value.to_string()),
                )),
            }
        }
    }

    impl serde::ser::Serialize for PublicKeyFormat {
        fn serialize<S>(&self, serializer: S) -> std::result::Result<S::Ok, S::Error>
        where
            S: serde::Serializer,
        {
            match self {
                Self::Unspecified => serializer.serialize_i32(0),
                Self::Pem => serializer.serialize_i32(1),
                Self::Der => serializer.serialize_i32(2),
                Self::NistPqc => serializer.serialize_i32(3),
                Self::XwingRawBytes => serializer.serialize_i32(4),
                Self::UnknownValue(u) => u.0.serialize(serializer),
            }
        }
    }

    impl<'de> serde::de::Deserialize<'de> for PublicKeyFormat {
        fn deserialize<D>(deserializer: D) -> std::result::Result<Self, D::Error>
        where
            D: serde::Deserializer<'de>,
        {
            deserializer.deserialize_any(wkt::internal::EnumVisitor::<PublicKeyFormat>::new(
                ".google.cloud.kms.v1.PublicKey.PublicKeyFormat",
            ))
        }
    }
}

/// An [ImportJob][google.cloud.kms.v1.ImportJob] can be used to create
/// [CryptoKeys][google.cloud.kms.v1.CryptoKey] and
/// [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] using pre-existing
/// key material, generated outside of Cloud KMS.
///
/// When an [ImportJob][google.cloud.kms.v1.ImportJob] is created, Cloud KMS will
/// generate a "wrapping key", which is a public/private key pair. You use the
/// wrapping key to encrypt (also known as wrap) the pre-existing key material to
/// protect it during the import process. The nature of the wrapping key depends
/// on the choice of
/// [import_method][google.cloud.kms.v1.ImportJob.import_method]. When the
/// wrapping key generation is complete, the
/// [state][google.cloud.kms.v1.ImportJob.state] will be set to
/// [ACTIVE][google.cloud.kms.v1.ImportJob.ImportJobState.ACTIVE] and the
/// [public_key][google.cloud.kms.v1.ImportJob.public_key] can be fetched. The
/// fetched public key can then be used to wrap your pre-existing key material.
///
/// Once the key material is wrapped, it can be imported into a new
/// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in an existing
/// [CryptoKey][google.cloud.kms.v1.CryptoKey] by calling
/// [ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion].
/// Multiple [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] can be
/// imported with a single [ImportJob][google.cloud.kms.v1.ImportJob]. Cloud KMS
/// uses the private key portion of the wrapping key to unwrap the key material.
/// Only Cloud KMS has access to the private key.
///
/// An [ImportJob][google.cloud.kms.v1.ImportJob] expires 3 days after it is
/// created. Once expired, Cloud KMS will no longer be able to import or unwrap
/// any key material that was wrapped with the
/// [ImportJob][google.cloud.kms.v1.ImportJob]'s public key.
///
/// For more information, see
/// [Importing a key](https://cloud.google.com/kms/docs/importing-a-key).
///
/// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
/// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
/// [google.cloud.kms.v1.ImportJob]: crate::model::ImportJob
/// [google.cloud.kms.v1.ImportJob.ImportJobState.ACTIVE]: crate::model::import_job::ImportJobState::Active
/// [google.cloud.kms.v1.ImportJob.import_method]: crate::model::ImportJob::import_method
/// [google.cloud.kms.v1.ImportJob.public_key]: crate::model::ImportJob::public_key
/// [google.cloud.kms.v1.ImportJob.state]: crate::model::ImportJob::state
/// [google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion]: crate::client::KeyManagementService::import_crypto_key_version
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct ImportJob {
    /// Output only. The resource name for this
    /// [ImportJob][google.cloud.kms.v1.ImportJob] in the format
    /// `projects/*/locations/*/keyRings/*/importJobs/*`.
    ///
    /// [google.cloud.kms.v1.ImportJob]: crate::model::ImportJob
    pub name: std::string::String,

    /// Required. Immutable. The wrapping method to be used for incoming key
    /// material.
    pub import_method: crate::model::import_job::ImportMethod,

    /// Required. Immutable. The protection level of the
    /// [ImportJob][google.cloud.kms.v1.ImportJob]. This must match the
    /// [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]
    /// of the [version_template][google.cloud.kms.v1.CryptoKey.version_template]
    /// on the [CryptoKey][google.cloud.kms.v1.CryptoKey] you attempt to import
    /// into.
    ///
    /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
    /// [google.cloud.kms.v1.CryptoKey.version_template]: crate::model::CryptoKey::version_template
    /// [google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]: crate::model::CryptoKeyVersionTemplate::protection_level
    /// [google.cloud.kms.v1.ImportJob]: crate::model::ImportJob
    pub protection_level: crate::model::ProtectionLevel,

    /// Output only. The time at which this
    /// [ImportJob][google.cloud.kms.v1.ImportJob] was created.
    ///
    /// [google.cloud.kms.v1.ImportJob]: crate::model::ImportJob
    pub create_time: std::option::Option<wkt::Timestamp>,

    /// Output only. The time this [ImportJob][google.cloud.kms.v1.ImportJob]'s key
    /// material was generated.
    ///
    /// [google.cloud.kms.v1.ImportJob]: crate::model::ImportJob
    pub generate_time: std::option::Option<wkt::Timestamp>,

    /// Output only. The time at which this
    /// [ImportJob][google.cloud.kms.v1.ImportJob] is scheduled for expiration and
    /// can no longer be used to import key material.
    ///
    /// [google.cloud.kms.v1.ImportJob]: crate::model::ImportJob
    pub expire_time: std::option::Option<wkt::Timestamp>,

    /// Output only. The time this [ImportJob][google.cloud.kms.v1.ImportJob]
    /// expired. Only present if [state][google.cloud.kms.v1.ImportJob.state] is
    /// [EXPIRED][google.cloud.kms.v1.ImportJob.ImportJobState.EXPIRED].
    ///
    /// [google.cloud.kms.v1.ImportJob]: crate::model::ImportJob
    /// [google.cloud.kms.v1.ImportJob.ImportJobState.EXPIRED]: crate::model::import_job::ImportJobState::Expired
    /// [google.cloud.kms.v1.ImportJob.state]: crate::model::ImportJob::state
    pub expire_event_time: std::option::Option<wkt::Timestamp>,

    /// Output only. The current state of the
    /// [ImportJob][google.cloud.kms.v1.ImportJob], indicating if it can be used.
    ///
    /// [google.cloud.kms.v1.ImportJob]: crate::model::ImportJob
    pub state: crate::model::import_job::ImportJobState,

    /// Output only. The public key with which to wrap key material prior to
    /// import. Only returned if [state][google.cloud.kms.v1.ImportJob.state] is
    /// [ACTIVE][google.cloud.kms.v1.ImportJob.ImportJobState.ACTIVE].
    ///
    /// [google.cloud.kms.v1.ImportJob.ImportJobState.ACTIVE]: crate::model::import_job::ImportJobState::Active
    /// [google.cloud.kms.v1.ImportJob.state]: crate::model::ImportJob::state
    pub public_key: std::option::Option<crate::model::import_job::WrappingPublicKey>,

    /// Output only. Statement that was generated and signed by the key creator
    /// (for example, an HSM) at key creation time. Use this statement to verify
    /// attributes of the key as stored on the HSM, independently of Google.
    /// Only present if the chosen
    /// [ImportMethod][google.cloud.kms.v1.ImportJob.ImportMethod] is one with a
    /// protection level of [HSM][google.cloud.kms.v1.ProtectionLevel.HSM].
    ///
    /// [google.cloud.kms.v1.ImportJob.ImportMethod]: crate::model::import_job::ImportMethod
    /// [google.cloud.kms.v1.ProtectionLevel.HSM]: crate::model::ProtectionLevel::Hsm
    pub attestation: std::option::Option<crate::model::KeyOperationAttestation>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl ImportJob {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::ImportJob::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }

    /// Sets the value of [import_method][crate::model::ImportJob::import_method].
    pub fn set_import_method<T: std::convert::Into<crate::model::import_job::ImportMethod>>(
        mut self,
        v: T,
    ) -> Self {
        self.import_method = v.into();
        self
    }

    /// Sets the value of [protection_level][crate::model::ImportJob::protection_level].
    pub fn set_protection_level<T: std::convert::Into<crate::model::ProtectionLevel>>(
        mut self,
        v: T,
    ) -> Self {
        self.protection_level = v.into();
        self
    }

    /// Sets the value of [create_time][crate::model::ImportJob::create_time].
    pub fn set_create_time<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.create_time = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [create_time][crate::model::ImportJob::create_time].
    pub fn set_or_clear_create_time<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.create_time = v.map(|x| x.into());
        self
    }

    /// Sets the value of [generate_time][crate::model::ImportJob::generate_time].
    pub fn set_generate_time<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.generate_time = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [generate_time][crate::model::ImportJob::generate_time].
    pub fn set_or_clear_generate_time<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.generate_time = v.map(|x| x.into());
        self
    }

    /// Sets the value of [expire_time][crate::model::ImportJob::expire_time].
    pub fn set_expire_time<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.expire_time = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [expire_time][crate::model::ImportJob::expire_time].
    pub fn set_or_clear_expire_time<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.expire_time = v.map(|x| x.into());
        self
    }

    /// Sets the value of [expire_event_time][crate::model::ImportJob::expire_event_time].
    pub fn set_expire_event_time<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.expire_event_time = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [expire_event_time][crate::model::ImportJob::expire_event_time].
    pub fn set_or_clear_expire_event_time<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.expire_event_time = v.map(|x| x.into());
        self
    }

    /// Sets the value of [state][crate::model::ImportJob::state].
    pub fn set_state<T: std::convert::Into<crate::model::import_job::ImportJobState>>(
        mut self,
        v: T,
    ) -> Self {
        self.state = v.into();
        self
    }

    /// Sets the value of [public_key][crate::model::ImportJob::public_key].
    pub fn set_public_key<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::import_job::WrappingPublicKey>,
    {
        self.public_key = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [public_key][crate::model::ImportJob::public_key].
    pub fn set_or_clear_public_key<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::import_job::WrappingPublicKey>,
    {
        self.public_key = v.map(|x| x.into());
        self
    }

    /// Sets the value of [attestation][crate::model::ImportJob::attestation].
    pub fn set_attestation<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::KeyOperationAttestation>,
    {
        self.attestation = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [attestation][crate::model::ImportJob::attestation].
    pub fn set_or_clear_attestation<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::KeyOperationAttestation>,
    {
        self.attestation = v.map(|x| x.into());
        self
    }
}

impl wkt::message::Message for ImportJob {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.ImportJob"
    }
}

/// Defines additional types related to [ImportJob].
pub mod import_job {
    #[allow(unused_imports)]
    use super::*;

    /// The public key component of the wrapping key. For details of the type of
    /// key this public key corresponds to, see the
    /// [ImportMethod][google.cloud.kms.v1.ImportJob.ImportMethod].
    ///
    /// [google.cloud.kms.v1.ImportJob.ImportMethod]: crate::model::import_job::ImportMethod
    #[derive(Clone, Default, PartialEq)]
    #[non_exhaustive]
    pub struct WrappingPublicKey {
        /// The public key, encoded in PEM format. For more information, see the [RFC
        /// 7468](https://tools.ietf.org/html/rfc7468) sections for [General
        /// Considerations](https://tools.ietf.org/html/rfc7468#section-2) and
        /// [Textual Encoding of Subject Public Key Info]
        /// (<https://tools.ietf.org/html/rfc7468#section-13>).
        pub pem: std::string::String,

        pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
    }

    impl WrappingPublicKey {
        pub fn new() -> Self {
            std::default::Default::default()
        }

        /// Sets the value of [pem][crate::model::import_job::WrappingPublicKey::pem].
        pub fn set_pem<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
            self.pem = v.into();
            self
        }
    }

    impl wkt::message::Message for WrappingPublicKey {
        fn typename() -> &'static str {
            "type.googleapis.com/google.cloud.kms.v1.ImportJob.WrappingPublicKey"
        }
    }

    /// [ImportMethod][google.cloud.kms.v1.ImportJob.ImportMethod] describes the
    /// key wrapping method chosen for this
    /// [ImportJob][google.cloud.kms.v1.ImportJob].
    ///
    /// [google.cloud.kms.v1.ImportJob]: crate::model::ImportJob
    /// [google.cloud.kms.v1.ImportJob.ImportMethod]: crate::model::import_job::ImportMethod
    ///
    /// # Working with unknown values
    ///
    /// This enum is defined as `#[non_exhaustive]` because Google Cloud may add
    /// additional enum variants at any time. Adding new variants is not considered
    /// a breaking change. Applications should write their code in anticipation of:
    ///
    /// - New values appearing in future releases of the client library, **and**
    /// - New values received dynamically, without application changes.
    ///
    /// Please consult the [Working with enums] section in the user guide for some
    /// guidelines.
    ///
    /// [Working with enums]: https://google-cloud-rust.github.io/working_with_enums.html
    #[derive(Clone, Debug, PartialEq)]
    #[non_exhaustive]
    pub enum ImportMethod {
        /// Not specified.
        Unspecified,
        /// This ImportMethod represents the CKM_RSA_AES_KEY_WRAP key wrapping
        /// scheme defined in the PKCS #11 standard. In summary, this involves
        /// wrapping the raw key with an ephemeral AES key, and wrapping the
        /// ephemeral AES key with a 3072 bit RSA key. For more details, see
        /// [RSA AES key wrap
        /// mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908).
        RsaOaep3072Sha1Aes256,
        /// This ImportMethod represents the CKM_RSA_AES_KEY_WRAP key wrapping
        /// scheme defined in the PKCS #11 standard. In summary, this involves
        /// wrapping the raw key with an ephemeral AES key, and wrapping the
        /// ephemeral AES key with a 4096 bit RSA key. For more details, see
        /// [RSA AES key wrap
        /// mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908).
        RsaOaep4096Sha1Aes256,
        /// This ImportMethod represents the CKM_RSA_AES_KEY_WRAP key wrapping
        /// scheme defined in the PKCS #11 standard. In summary, this involves
        /// wrapping the raw key with an ephemeral AES key, and wrapping the
        /// ephemeral AES key with a 3072 bit RSA key. For more details, see
        /// [RSA AES key wrap
        /// mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908).
        RsaOaep3072Sha256Aes256,
        /// This ImportMethod represents the CKM_RSA_AES_KEY_WRAP key wrapping
        /// scheme defined in the PKCS #11 standard. In summary, this involves
        /// wrapping the raw key with an ephemeral AES key, and wrapping the
        /// ephemeral AES key with a 4096 bit RSA key. For more details, see
        /// [RSA AES key wrap
        /// mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908).
        RsaOaep4096Sha256Aes256,
        /// This ImportMethod represents RSAES-OAEP with a 3072 bit RSA key. The
        /// key material to be imported is wrapped directly with the RSA key. Due
        /// to technical limitations of RSA wrapping, this method cannot be used to
        /// wrap RSA keys for import.
        RsaOaep3072Sha256,
        /// This ImportMethod represents RSAES-OAEP with a 4096 bit RSA key. The
        /// key material to be imported is wrapped directly with the RSA key. Due
        /// to technical limitations of RSA wrapping, this method cannot be used to
        /// wrap RSA keys for import.
        RsaOaep4096Sha256,
        /// If set, the enum was initialized with an unknown value.
        ///
        /// Applications can examine the value using [ImportMethod::value] or
        /// [ImportMethod::name].
        UnknownValue(import_method::UnknownValue),
    }

    #[doc(hidden)]
    pub mod import_method {
        #[allow(unused_imports)]
        use super::*;
        #[derive(Clone, Debug, PartialEq)]
        pub struct UnknownValue(pub(crate) wkt::internal::UnknownEnumValue);
    }

    impl ImportMethod {
        /// Gets the enum value.
        ///
        /// Returns `None` if the enum contains an unknown value deserialized from
        /// the string representation of enums.
        pub fn value(&self) -> std::option::Option<i32> {
            match self {
                Self::Unspecified => std::option::Option::Some(0),
                Self::RsaOaep3072Sha1Aes256 => std::option::Option::Some(1),
                Self::RsaOaep4096Sha1Aes256 => std::option::Option::Some(2),
                Self::RsaOaep3072Sha256Aes256 => std::option::Option::Some(3),
                Self::RsaOaep4096Sha256Aes256 => std::option::Option::Some(4),
                Self::RsaOaep3072Sha256 => std::option::Option::Some(5),
                Self::RsaOaep4096Sha256 => std::option::Option::Some(6),
                Self::UnknownValue(u) => u.0.value(),
            }
        }

        /// Gets the enum value as a string.
        ///
        /// Returns `None` if the enum contains an unknown value deserialized from
        /// the integer representation of enums.
        pub fn name(&self) -> std::option::Option<&str> {
            match self {
                Self::Unspecified => std::option::Option::Some("IMPORT_METHOD_UNSPECIFIED"),
                Self::RsaOaep3072Sha1Aes256 => {
                    std::option::Option::Some("RSA_OAEP_3072_SHA1_AES_256")
                }
                Self::RsaOaep4096Sha1Aes256 => {
                    std::option::Option::Some("RSA_OAEP_4096_SHA1_AES_256")
                }
                Self::RsaOaep3072Sha256Aes256 => {
                    std::option::Option::Some("RSA_OAEP_3072_SHA256_AES_256")
                }
                Self::RsaOaep4096Sha256Aes256 => {
                    std::option::Option::Some("RSA_OAEP_4096_SHA256_AES_256")
                }
                Self::RsaOaep3072Sha256 => std::option::Option::Some("RSA_OAEP_3072_SHA256"),
                Self::RsaOaep4096Sha256 => std::option::Option::Some("RSA_OAEP_4096_SHA256"),
                Self::UnknownValue(u) => u.0.name(),
            }
        }
    }

    impl std::default::Default for ImportMethod {
        fn default() -> Self {
            use std::convert::From;
            Self::from(0)
        }
    }

    impl std::fmt::Display for ImportMethod {
        fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::result::Result<(), std::fmt::Error> {
            wkt::internal::display_enum(f, self.name(), self.value())
        }
    }

    impl std::convert::From<i32> for ImportMethod {
        fn from(value: i32) -> Self {
            match value {
                0 => Self::Unspecified,
                1 => Self::RsaOaep3072Sha1Aes256,
                2 => Self::RsaOaep4096Sha1Aes256,
                3 => Self::RsaOaep3072Sha256Aes256,
                4 => Self::RsaOaep4096Sha256Aes256,
                5 => Self::RsaOaep3072Sha256,
                6 => Self::RsaOaep4096Sha256,
                _ => Self::UnknownValue(import_method::UnknownValue(
                    wkt::internal::UnknownEnumValue::Integer(value),
                )),
            }
        }
    }

    impl std::convert::From<&str> for ImportMethod {
        fn from(value: &str) -> Self {
            use std::string::ToString;
            match value {
                "IMPORT_METHOD_UNSPECIFIED" => Self::Unspecified,
                "RSA_OAEP_3072_SHA1_AES_256" => Self::RsaOaep3072Sha1Aes256,
                "RSA_OAEP_4096_SHA1_AES_256" => Self::RsaOaep4096Sha1Aes256,
                "RSA_OAEP_3072_SHA256_AES_256" => Self::RsaOaep3072Sha256Aes256,
                "RSA_OAEP_4096_SHA256_AES_256" => Self::RsaOaep4096Sha256Aes256,
                "RSA_OAEP_3072_SHA256" => Self::RsaOaep3072Sha256,
                "RSA_OAEP_4096_SHA256" => Self::RsaOaep4096Sha256,
                _ => Self::UnknownValue(import_method::UnknownValue(
                    wkt::internal::UnknownEnumValue::String(value.to_string()),
                )),
            }
        }
    }

    impl serde::ser::Serialize for ImportMethod {
        fn serialize<S>(&self, serializer: S) -> std::result::Result<S::Ok, S::Error>
        where
            S: serde::Serializer,
        {
            match self {
                Self::Unspecified => serializer.serialize_i32(0),
                Self::RsaOaep3072Sha1Aes256 => serializer.serialize_i32(1),
                Self::RsaOaep4096Sha1Aes256 => serializer.serialize_i32(2),
                Self::RsaOaep3072Sha256Aes256 => serializer.serialize_i32(3),
                Self::RsaOaep4096Sha256Aes256 => serializer.serialize_i32(4),
                Self::RsaOaep3072Sha256 => serializer.serialize_i32(5),
                Self::RsaOaep4096Sha256 => serializer.serialize_i32(6),
                Self::UnknownValue(u) => u.0.serialize(serializer),
            }
        }
    }

    impl<'de> serde::de::Deserialize<'de> for ImportMethod {
        fn deserialize<D>(deserializer: D) -> std::result::Result<Self, D::Error>
        where
            D: serde::Deserializer<'de>,
        {
            deserializer.deserialize_any(wkt::internal::EnumVisitor::<ImportMethod>::new(
                ".google.cloud.kms.v1.ImportJob.ImportMethod",
            ))
        }
    }

    /// The state of the [ImportJob][google.cloud.kms.v1.ImportJob], indicating if
    /// it can be used.
    ///
    /// [google.cloud.kms.v1.ImportJob]: crate::model::ImportJob
    ///
    /// # Working with unknown values
    ///
    /// This enum is defined as `#[non_exhaustive]` because Google Cloud may add
    /// additional enum variants at any time. Adding new variants is not considered
    /// a breaking change. Applications should write their code in anticipation of:
    ///
    /// - New values appearing in future releases of the client library, **and**
    /// - New values received dynamically, without application changes.
    ///
    /// Please consult the [Working with enums] section in the user guide for some
    /// guidelines.
    ///
    /// [Working with enums]: https://google-cloud-rust.github.io/working_with_enums.html
    #[derive(Clone, Debug, PartialEq)]
    #[non_exhaustive]
    pub enum ImportJobState {
        /// Not specified.
        Unspecified,
        /// The wrapping key for this job is still being generated. It may not be
        /// used. Cloud KMS will automatically mark this job as
        /// [ACTIVE][google.cloud.kms.v1.ImportJob.ImportJobState.ACTIVE] as soon as
        /// the wrapping key is generated.
        ///
        /// [google.cloud.kms.v1.ImportJob.ImportJobState.ACTIVE]: crate::model::import_job::ImportJobState::Active
        PendingGeneration,
        /// This job may be used in
        /// [CreateCryptoKey][google.cloud.kms.v1.KeyManagementService.CreateCryptoKey]
        /// and
        /// [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion]
        /// requests.
        ///
        /// [google.cloud.kms.v1.KeyManagementService.CreateCryptoKey]: crate::client::KeyManagementService::create_crypto_key
        /// [google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion]: crate::client::KeyManagementService::create_crypto_key_version
        Active,
        /// This job can no longer be used and may not leave this state once entered.
        Expired,
        /// If set, the enum was initialized with an unknown value.
        ///
        /// Applications can examine the value using [ImportJobState::value] or
        /// [ImportJobState::name].
        UnknownValue(import_job_state::UnknownValue),
    }

    #[doc(hidden)]
    pub mod import_job_state {
        #[allow(unused_imports)]
        use super::*;
        #[derive(Clone, Debug, PartialEq)]
        pub struct UnknownValue(pub(crate) wkt::internal::UnknownEnumValue);
    }

    impl ImportJobState {
        /// Gets the enum value.
        ///
        /// Returns `None` if the enum contains an unknown value deserialized from
        /// the string representation of enums.
        pub fn value(&self) -> std::option::Option<i32> {
            match self {
                Self::Unspecified => std::option::Option::Some(0),
                Self::PendingGeneration => std::option::Option::Some(1),
                Self::Active => std::option::Option::Some(2),
                Self::Expired => std::option::Option::Some(3),
                Self::UnknownValue(u) => u.0.value(),
            }
        }

        /// Gets the enum value as a string.
        ///
        /// Returns `None` if the enum contains an unknown value deserialized from
        /// the integer representation of enums.
        pub fn name(&self) -> std::option::Option<&str> {
            match self {
                Self::Unspecified => std::option::Option::Some("IMPORT_JOB_STATE_UNSPECIFIED"),
                Self::PendingGeneration => std::option::Option::Some("PENDING_GENERATION"),
                Self::Active => std::option::Option::Some("ACTIVE"),
                Self::Expired => std::option::Option::Some("EXPIRED"),
                Self::UnknownValue(u) => u.0.name(),
            }
        }
    }

    impl std::default::Default for ImportJobState {
        fn default() -> Self {
            use std::convert::From;
            Self::from(0)
        }
    }

    impl std::fmt::Display for ImportJobState {
        fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::result::Result<(), std::fmt::Error> {
            wkt::internal::display_enum(f, self.name(), self.value())
        }
    }

    impl std::convert::From<i32> for ImportJobState {
        fn from(value: i32) -> Self {
            match value {
                0 => Self::Unspecified,
                1 => Self::PendingGeneration,
                2 => Self::Active,
                3 => Self::Expired,
                _ => Self::UnknownValue(import_job_state::UnknownValue(
                    wkt::internal::UnknownEnumValue::Integer(value),
                )),
            }
        }
    }

    impl std::convert::From<&str> for ImportJobState {
        fn from(value: &str) -> Self {
            use std::string::ToString;
            match value {
                "IMPORT_JOB_STATE_UNSPECIFIED" => Self::Unspecified,
                "PENDING_GENERATION" => Self::PendingGeneration,
                "ACTIVE" => Self::Active,
                "EXPIRED" => Self::Expired,
                _ => Self::UnknownValue(import_job_state::UnknownValue(
                    wkt::internal::UnknownEnumValue::String(value.to_string()),
                )),
            }
        }
    }

    impl serde::ser::Serialize for ImportJobState {
        fn serialize<S>(&self, serializer: S) -> std::result::Result<S::Ok, S::Error>
        where
            S: serde::Serializer,
        {
            match self {
                Self::Unspecified => serializer.serialize_i32(0),
                Self::PendingGeneration => serializer.serialize_i32(1),
                Self::Active => serializer.serialize_i32(2),
                Self::Expired => serializer.serialize_i32(3),
                Self::UnknownValue(u) => u.0.serialize(serializer),
            }
        }
    }

    impl<'de> serde::de::Deserialize<'de> for ImportJobState {
        fn deserialize<D>(deserializer: D) -> std::result::Result<Self, D::Error>
        where
            D: serde::Deserializer<'de>,
        {
            deserializer.deserialize_any(wkt::internal::EnumVisitor::<ImportJobState>::new(
                ".google.cloud.kms.v1.ImportJob.ImportJobState",
            ))
        }
    }
}

/// ExternalProtectionLevelOptions stores a group of additional fields for
/// configuring a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] that
/// are specific to the [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL]
/// protection level and
/// [EXTERNAL_VPC][google.cloud.kms.v1.ProtectionLevel.EXTERNAL_VPC] protection
/// levels.
///
/// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
/// [google.cloud.kms.v1.ProtectionLevel.EXTERNAL]: crate::model::ProtectionLevel::External
/// [google.cloud.kms.v1.ProtectionLevel.EXTERNAL_VPC]: crate::model::ProtectionLevel::ExternalVpc
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct ExternalProtectionLevelOptions {
    /// The URI for an external resource that this
    /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] represents.
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    pub external_key_uri: std::string::String,

    /// The path to the external key material on the EKM when using
    /// [EkmConnection][google.cloud.kms.v1.EkmConnection] e.g., "v0/my/key". Set
    /// this field instead of external_key_uri when using an
    /// [EkmConnection][google.cloud.kms.v1.EkmConnection].
    ///
    /// [google.cloud.kms.v1.EkmConnection]: crate::model::EkmConnection
    pub ekm_connection_key_path: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl ExternalProtectionLevelOptions {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [external_key_uri][crate::model::ExternalProtectionLevelOptions::external_key_uri].
    pub fn set_external_key_uri<T: std::convert::Into<std::string::String>>(
        mut self,
        v: T,
    ) -> Self {
        self.external_key_uri = v.into();
        self
    }

    /// Sets the value of [ekm_connection_key_path][crate::model::ExternalProtectionLevelOptions::ekm_connection_key_path].
    pub fn set_ekm_connection_key_path<T: std::convert::Into<std::string::String>>(
        mut self,
        v: T,
    ) -> Self {
        self.ekm_connection_key_path = v.into();
        self
    }
}

impl wkt::message::Message for ExternalProtectionLevelOptions {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.ExternalProtectionLevelOptions"
    }
}

/// A
/// [KeyAccessJustificationsPolicy][google.cloud.kms.v1.KeyAccessJustificationsPolicy]
/// specifies zero or more allowed
/// [AccessReason][google.cloud.kms.v1.AccessReason] values for encrypt, decrypt,
/// and sign operations on a [CryptoKey][google.cloud.kms.v1.CryptoKey].
///
/// [google.cloud.kms.v1.AccessReason]: crate::model::AccessReason
/// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
/// [google.cloud.kms.v1.KeyAccessJustificationsPolicy]: crate::model::KeyAccessJustificationsPolicy
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct KeyAccessJustificationsPolicy {
    /// The list of allowed reasons for access to a
    /// [CryptoKey][google.cloud.kms.v1.CryptoKey]. Zero allowed access reasons
    /// means all encrypt, decrypt, and sign operations for the
    /// [CryptoKey][google.cloud.kms.v1.CryptoKey] associated with this policy will
    /// fail.
    ///
    /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
    pub allowed_access_reasons: std::vec::Vec<crate::model::AccessReason>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl KeyAccessJustificationsPolicy {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [allowed_access_reasons][crate::model::KeyAccessJustificationsPolicy::allowed_access_reasons].
    pub fn set_allowed_access_reasons<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<crate::model::AccessReason>,
    {
        use std::iter::Iterator;
        self.allowed_access_reasons = v.into_iter().map(|i| i.into()).collect();
        self
    }
}

impl wkt::message::Message for KeyAccessJustificationsPolicy {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.KeyAccessJustificationsPolicy"
    }
}

/// Request message for
/// [KeyManagementService.ListKeyRings][google.cloud.kms.v1.KeyManagementService.ListKeyRings].
///
/// [google.cloud.kms.v1.KeyManagementService.ListKeyRings]: crate::client::KeyManagementService::list_key_rings
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct ListKeyRingsRequest {
    /// Required. The resource name of the location associated with the
    /// [KeyRings][google.cloud.kms.v1.KeyRing], in the format
    /// `projects/*/locations/*`.
    ///
    /// [google.cloud.kms.v1.KeyRing]: crate::model::KeyRing
    pub parent: std::string::String,

    /// Optional. Optional limit on the number of
    /// [KeyRings][google.cloud.kms.v1.KeyRing] to include in the response. Further
    /// [KeyRings][google.cloud.kms.v1.KeyRing] can subsequently be obtained by
    /// including the
    /// [ListKeyRingsResponse.next_page_token][google.cloud.kms.v1.ListKeyRingsResponse.next_page_token]
    /// in a subsequent request.  If unspecified, the server will pick an
    /// appropriate default.
    ///
    /// [google.cloud.kms.v1.KeyRing]: crate::model::KeyRing
    /// [google.cloud.kms.v1.ListKeyRingsResponse.next_page_token]: crate::model::ListKeyRingsResponse::next_page_token
    pub page_size: i32,

    /// Optional. Optional pagination token, returned earlier via
    /// [ListKeyRingsResponse.next_page_token][google.cloud.kms.v1.ListKeyRingsResponse.next_page_token].
    ///
    /// [google.cloud.kms.v1.ListKeyRingsResponse.next_page_token]: crate::model::ListKeyRingsResponse::next_page_token
    pub page_token: std::string::String,

    /// Optional. Only include resources that match the filter in the response. For
    /// more information, see
    /// [Sorting and filtering list
    /// results](https://cloud.google.com/kms/docs/sorting-and-filtering).
    pub filter: std::string::String,

    /// Optional. Specify how the results should be sorted. If not specified, the
    /// results will be sorted in the default order.  For more information, see
    /// [Sorting and filtering list
    /// results](https://cloud.google.com/kms/docs/sorting-and-filtering).
    pub order_by: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl ListKeyRingsRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [parent][crate::model::ListKeyRingsRequest::parent].
    pub fn set_parent<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.parent = v.into();
        self
    }

    /// Sets the value of [page_size][crate::model::ListKeyRingsRequest::page_size].
    pub fn set_page_size<T: std::convert::Into<i32>>(mut self, v: T) -> Self {
        self.page_size = v.into();
        self
    }

    /// Sets the value of [page_token][crate::model::ListKeyRingsRequest::page_token].
    pub fn set_page_token<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.page_token = v.into();
        self
    }

    /// Sets the value of [filter][crate::model::ListKeyRingsRequest::filter].
    pub fn set_filter<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.filter = v.into();
        self
    }

    /// Sets the value of [order_by][crate::model::ListKeyRingsRequest::order_by].
    pub fn set_order_by<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.order_by = v.into();
        self
    }
}

impl wkt::message::Message for ListKeyRingsRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.ListKeyRingsRequest"
    }
}

/// Request message for
/// [KeyManagementService.ListCryptoKeys][google.cloud.kms.v1.KeyManagementService.ListCryptoKeys].
///
/// [google.cloud.kms.v1.KeyManagementService.ListCryptoKeys]: crate::client::KeyManagementService::list_crypto_keys
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct ListCryptoKeysRequest {
    /// Required. The resource name of the [KeyRing][google.cloud.kms.v1.KeyRing]
    /// to list, in the format `projects/*/locations/*/keyRings/*`.
    ///
    /// [google.cloud.kms.v1.KeyRing]: crate::model::KeyRing
    pub parent: std::string::String,

    /// Optional. Optional limit on the number of
    /// [CryptoKeys][google.cloud.kms.v1.CryptoKey] to include in the response.
    /// Further [CryptoKeys][google.cloud.kms.v1.CryptoKey] can subsequently be
    /// obtained by including the
    /// [ListCryptoKeysResponse.next_page_token][google.cloud.kms.v1.ListCryptoKeysResponse.next_page_token]
    /// in a subsequent request.  If unspecified, the server will pick an
    /// appropriate default.
    ///
    /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
    /// [google.cloud.kms.v1.ListCryptoKeysResponse.next_page_token]: crate::model::ListCryptoKeysResponse::next_page_token
    pub page_size: i32,

    /// Optional. Optional pagination token, returned earlier via
    /// [ListCryptoKeysResponse.next_page_token][google.cloud.kms.v1.ListCryptoKeysResponse.next_page_token].
    ///
    /// [google.cloud.kms.v1.ListCryptoKeysResponse.next_page_token]: crate::model::ListCryptoKeysResponse::next_page_token
    pub page_token: std::string::String,

    /// The fields of the primary version to include in the response.
    pub version_view: crate::model::crypto_key_version::CryptoKeyVersionView,

    /// Optional. Only include resources that match the filter in the response. For
    /// more information, see
    /// [Sorting and filtering list
    /// results](https://cloud.google.com/kms/docs/sorting-and-filtering).
    pub filter: std::string::String,

    /// Optional. Specify how the results should be sorted. If not specified, the
    /// results will be sorted in the default order. For more information, see
    /// [Sorting and filtering list
    /// results](https://cloud.google.com/kms/docs/sorting-and-filtering).
    pub order_by: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl ListCryptoKeysRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [parent][crate::model::ListCryptoKeysRequest::parent].
    pub fn set_parent<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.parent = v.into();
        self
    }

    /// Sets the value of [page_size][crate::model::ListCryptoKeysRequest::page_size].
    pub fn set_page_size<T: std::convert::Into<i32>>(mut self, v: T) -> Self {
        self.page_size = v.into();
        self
    }

    /// Sets the value of [page_token][crate::model::ListCryptoKeysRequest::page_token].
    pub fn set_page_token<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.page_token = v.into();
        self
    }

    /// Sets the value of [version_view][crate::model::ListCryptoKeysRequest::version_view].
    pub fn set_version_view<
        T: std::convert::Into<crate::model::crypto_key_version::CryptoKeyVersionView>,
    >(
        mut self,
        v: T,
    ) -> Self {
        self.version_view = v.into();
        self
    }

    /// Sets the value of [filter][crate::model::ListCryptoKeysRequest::filter].
    pub fn set_filter<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.filter = v.into();
        self
    }

    /// Sets the value of [order_by][crate::model::ListCryptoKeysRequest::order_by].
    pub fn set_order_by<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.order_by = v.into();
        self
    }
}

impl wkt::message::Message for ListCryptoKeysRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.ListCryptoKeysRequest"
    }
}

/// Request message for
/// [KeyManagementService.ListCryptoKeyVersions][google.cloud.kms.v1.KeyManagementService.ListCryptoKeyVersions].
///
/// [google.cloud.kms.v1.KeyManagementService.ListCryptoKeyVersions]: crate::client::KeyManagementService::list_crypto_key_versions
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct ListCryptoKeyVersionsRequest {
    /// Required. The resource name of the
    /// [CryptoKey][google.cloud.kms.v1.CryptoKey] to list, in the format
    /// `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
    ///
    /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
    pub parent: std::string::String,

    /// Optional. Optional limit on the number of
    /// [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] to include in the
    /// response. Further [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion]
    /// can subsequently be obtained by including the
    /// [ListCryptoKeyVersionsResponse.next_page_token][google.cloud.kms.v1.ListCryptoKeyVersionsResponse.next_page_token]
    /// in a subsequent request. If unspecified, the server will pick an
    /// appropriate default.
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    /// [google.cloud.kms.v1.ListCryptoKeyVersionsResponse.next_page_token]: crate::model::ListCryptoKeyVersionsResponse::next_page_token
    pub page_size: i32,

    /// Optional. Optional pagination token, returned earlier via
    /// [ListCryptoKeyVersionsResponse.next_page_token][google.cloud.kms.v1.ListCryptoKeyVersionsResponse.next_page_token].
    ///
    /// [google.cloud.kms.v1.ListCryptoKeyVersionsResponse.next_page_token]: crate::model::ListCryptoKeyVersionsResponse::next_page_token
    pub page_token: std::string::String,

    /// The fields to include in the response.
    pub view: crate::model::crypto_key_version::CryptoKeyVersionView,

    /// Optional. Only include resources that match the filter in the response. For
    /// more information, see
    /// [Sorting and filtering list
    /// results](https://cloud.google.com/kms/docs/sorting-and-filtering).
    pub filter: std::string::String,

    /// Optional. Specify how the results should be sorted. If not specified, the
    /// results will be sorted in the default order. For more information, see
    /// [Sorting and filtering list
    /// results](https://cloud.google.com/kms/docs/sorting-and-filtering).
    pub order_by: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl ListCryptoKeyVersionsRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [parent][crate::model::ListCryptoKeyVersionsRequest::parent].
    pub fn set_parent<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.parent = v.into();
        self
    }

    /// Sets the value of [page_size][crate::model::ListCryptoKeyVersionsRequest::page_size].
    pub fn set_page_size<T: std::convert::Into<i32>>(mut self, v: T) -> Self {
        self.page_size = v.into();
        self
    }

    /// Sets the value of [page_token][crate::model::ListCryptoKeyVersionsRequest::page_token].
    pub fn set_page_token<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.page_token = v.into();
        self
    }

    /// Sets the value of [view][crate::model::ListCryptoKeyVersionsRequest::view].
    pub fn set_view<
        T: std::convert::Into<crate::model::crypto_key_version::CryptoKeyVersionView>,
    >(
        mut self,
        v: T,
    ) -> Self {
        self.view = v.into();
        self
    }

    /// Sets the value of [filter][crate::model::ListCryptoKeyVersionsRequest::filter].
    pub fn set_filter<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.filter = v.into();
        self
    }

    /// Sets the value of [order_by][crate::model::ListCryptoKeyVersionsRequest::order_by].
    pub fn set_order_by<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.order_by = v.into();
        self
    }
}

impl wkt::message::Message for ListCryptoKeyVersionsRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.ListCryptoKeyVersionsRequest"
    }
}

/// Request message for
/// [KeyManagementService.ListImportJobs][google.cloud.kms.v1.KeyManagementService.ListImportJobs].
///
/// [google.cloud.kms.v1.KeyManagementService.ListImportJobs]: crate::client::KeyManagementService::list_import_jobs
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct ListImportJobsRequest {
    /// Required. The resource name of the [KeyRing][google.cloud.kms.v1.KeyRing]
    /// to list, in the format `projects/*/locations/*/keyRings/*`.
    ///
    /// [google.cloud.kms.v1.KeyRing]: crate::model::KeyRing
    pub parent: std::string::String,

    /// Optional. Optional limit on the number of
    /// [ImportJobs][google.cloud.kms.v1.ImportJob] to include in the response.
    /// Further [ImportJobs][google.cloud.kms.v1.ImportJob] can subsequently be
    /// obtained by including the
    /// [ListImportJobsResponse.next_page_token][google.cloud.kms.v1.ListImportJobsResponse.next_page_token]
    /// in a subsequent request. If unspecified, the server will pick an
    /// appropriate default.
    ///
    /// [google.cloud.kms.v1.ImportJob]: crate::model::ImportJob
    /// [google.cloud.kms.v1.ListImportJobsResponse.next_page_token]: crate::model::ListImportJobsResponse::next_page_token
    pub page_size: i32,

    /// Optional. Optional pagination token, returned earlier via
    /// [ListImportJobsResponse.next_page_token][google.cloud.kms.v1.ListImportJobsResponse.next_page_token].
    ///
    /// [google.cloud.kms.v1.ListImportJobsResponse.next_page_token]: crate::model::ListImportJobsResponse::next_page_token
    pub page_token: std::string::String,

    /// Optional. Only include resources that match the filter in the response. For
    /// more information, see
    /// [Sorting and filtering list
    /// results](https://cloud.google.com/kms/docs/sorting-and-filtering).
    pub filter: std::string::String,

    /// Optional. Specify how the results should be sorted. If not specified, the
    /// results will be sorted in the default order. For more information, see
    /// [Sorting and filtering list
    /// results](https://cloud.google.com/kms/docs/sorting-and-filtering).
    pub order_by: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl ListImportJobsRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [parent][crate::model::ListImportJobsRequest::parent].
    pub fn set_parent<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.parent = v.into();
        self
    }

    /// Sets the value of [page_size][crate::model::ListImportJobsRequest::page_size].
    pub fn set_page_size<T: std::convert::Into<i32>>(mut self, v: T) -> Self {
        self.page_size = v.into();
        self
    }

    /// Sets the value of [page_token][crate::model::ListImportJobsRequest::page_token].
    pub fn set_page_token<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.page_token = v.into();
        self
    }

    /// Sets the value of [filter][crate::model::ListImportJobsRequest::filter].
    pub fn set_filter<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.filter = v.into();
        self
    }

    /// Sets the value of [order_by][crate::model::ListImportJobsRequest::order_by].
    pub fn set_order_by<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.order_by = v.into();
        self
    }
}

impl wkt::message::Message for ListImportJobsRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.ListImportJobsRequest"
    }
}

/// Response message for
/// [KeyManagementService.ListKeyRings][google.cloud.kms.v1.KeyManagementService.ListKeyRings].
///
/// [google.cloud.kms.v1.KeyManagementService.ListKeyRings]: crate::client::KeyManagementService::list_key_rings
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct ListKeyRingsResponse {
    /// The list of [KeyRings][google.cloud.kms.v1.KeyRing].
    ///
    /// [google.cloud.kms.v1.KeyRing]: crate::model::KeyRing
    pub key_rings: std::vec::Vec<crate::model::KeyRing>,

    /// A token to retrieve next page of results. Pass this value in
    /// [ListKeyRingsRequest.page_token][google.cloud.kms.v1.ListKeyRingsRequest.page_token]
    /// to retrieve the next page of results.
    ///
    /// [google.cloud.kms.v1.ListKeyRingsRequest.page_token]: crate::model::ListKeyRingsRequest::page_token
    pub next_page_token: std::string::String,

    /// The total number of [KeyRings][google.cloud.kms.v1.KeyRing] that matched
    /// the query.
    ///
    /// This field is not populated if
    /// [ListKeyRingsRequest.filter][google.cloud.kms.v1.ListKeyRingsRequest.filter]
    /// is applied.
    ///
    /// [google.cloud.kms.v1.KeyRing]: crate::model::KeyRing
    /// [google.cloud.kms.v1.ListKeyRingsRequest.filter]: crate::model::ListKeyRingsRequest::filter
    pub total_size: i32,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl ListKeyRingsResponse {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [key_rings][crate::model::ListKeyRingsResponse::key_rings].
    pub fn set_key_rings<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<crate::model::KeyRing>,
    {
        use std::iter::Iterator;
        self.key_rings = v.into_iter().map(|i| i.into()).collect();
        self
    }

    /// Sets the value of [next_page_token][crate::model::ListKeyRingsResponse::next_page_token].
    pub fn set_next_page_token<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.next_page_token = v.into();
        self
    }

    /// Sets the value of [total_size][crate::model::ListKeyRingsResponse::total_size].
    pub fn set_total_size<T: std::convert::Into<i32>>(mut self, v: T) -> Self {
        self.total_size = v.into();
        self
    }
}

impl wkt::message::Message for ListKeyRingsResponse {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.ListKeyRingsResponse"
    }
}

#[doc(hidden)]
impl gax::paginator::internal::PageableResponse for ListKeyRingsResponse {
    type PageItem = crate::model::KeyRing;

    fn items(self) -> std::vec::Vec<Self::PageItem> {
        self.key_rings
    }

    fn next_page_token(&self) -> std::string::String {
        use std::clone::Clone;
        self.next_page_token.clone()
    }
}

/// Response message for
/// [KeyManagementService.ListCryptoKeys][google.cloud.kms.v1.KeyManagementService.ListCryptoKeys].
///
/// [google.cloud.kms.v1.KeyManagementService.ListCryptoKeys]: crate::client::KeyManagementService::list_crypto_keys
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct ListCryptoKeysResponse {
    /// The list of [CryptoKeys][google.cloud.kms.v1.CryptoKey].
    ///
    /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
    pub crypto_keys: std::vec::Vec<crate::model::CryptoKey>,

    /// A token to retrieve next page of results. Pass this value in
    /// [ListCryptoKeysRequest.page_token][google.cloud.kms.v1.ListCryptoKeysRequest.page_token]
    /// to retrieve the next page of results.
    ///
    /// [google.cloud.kms.v1.ListCryptoKeysRequest.page_token]: crate::model::ListCryptoKeysRequest::page_token
    pub next_page_token: std::string::String,

    /// The total number of [CryptoKeys][google.cloud.kms.v1.CryptoKey] that
    /// matched the query.
    ///
    /// This field is not populated if
    /// [ListCryptoKeysRequest.filter][google.cloud.kms.v1.ListCryptoKeysRequest.filter]
    /// is applied.
    ///
    /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
    /// [google.cloud.kms.v1.ListCryptoKeysRequest.filter]: crate::model::ListCryptoKeysRequest::filter
    pub total_size: i32,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl ListCryptoKeysResponse {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [crypto_keys][crate::model::ListCryptoKeysResponse::crypto_keys].
    pub fn set_crypto_keys<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<crate::model::CryptoKey>,
    {
        use std::iter::Iterator;
        self.crypto_keys = v.into_iter().map(|i| i.into()).collect();
        self
    }

    /// Sets the value of [next_page_token][crate::model::ListCryptoKeysResponse::next_page_token].
    pub fn set_next_page_token<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.next_page_token = v.into();
        self
    }

    /// Sets the value of [total_size][crate::model::ListCryptoKeysResponse::total_size].
    pub fn set_total_size<T: std::convert::Into<i32>>(mut self, v: T) -> Self {
        self.total_size = v.into();
        self
    }
}

impl wkt::message::Message for ListCryptoKeysResponse {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.ListCryptoKeysResponse"
    }
}

#[doc(hidden)]
impl gax::paginator::internal::PageableResponse for ListCryptoKeysResponse {
    type PageItem = crate::model::CryptoKey;

    fn items(self) -> std::vec::Vec<Self::PageItem> {
        self.crypto_keys
    }

    fn next_page_token(&self) -> std::string::String {
        use std::clone::Clone;
        self.next_page_token.clone()
    }
}

/// Response message for
/// [KeyManagementService.ListCryptoKeyVersions][google.cloud.kms.v1.KeyManagementService.ListCryptoKeyVersions].
///
/// [google.cloud.kms.v1.KeyManagementService.ListCryptoKeyVersions]: crate::client::KeyManagementService::list_crypto_key_versions
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct ListCryptoKeyVersionsResponse {
    /// The list of [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion].
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    pub crypto_key_versions: std::vec::Vec<crate::model::CryptoKeyVersion>,

    /// A token to retrieve next page of results. Pass this value in
    /// [ListCryptoKeyVersionsRequest.page_token][google.cloud.kms.v1.ListCryptoKeyVersionsRequest.page_token]
    /// to retrieve the next page of results.
    ///
    /// [google.cloud.kms.v1.ListCryptoKeyVersionsRequest.page_token]: crate::model::ListCryptoKeyVersionsRequest::page_token
    pub next_page_token: std::string::String,

    /// The total number of
    /// [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] that matched the
    /// query.
    ///
    /// This field is not populated if
    /// [ListCryptoKeyVersionsRequest.filter][google.cloud.kms.v1.ListCryptoKeyVersionsRequest.filter]
    /// is applied.
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    /// [google.cloud.kms.v1.ListCryptoKeyVersionsRequest.filter]: crate::model::ListCryptoKeyVersionsRequest::filter
    pub total_size: i32,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl ListCryptoKeyVersionsResponse {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [crypto_key_versions][crate::model::ListCryptoKeyVersionsResponse::crypto_key_versions].
    pub fn set_crypto_key_versions<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<crate::model::CryptoKeyVersion>,
    {
        use std::iter::Iterator;
        self.crypto_key_versions = v.into_iter().map(|i| i.into()).collect();
        self
    }

    /// Sets the value of [next_page_token][crate::model::ListCryptoKeyVersionsResponse::next_page_token].
    pub fn set_next_page_token<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.next_page_token = v.into();
        self
    }

    /// Sets the value of [total_size][crate::model::ListCryptoKeyVersionsResponse::total_size].
    pub fn set_total_size<T: std::convert::Into<i32>>(mut self, v: T) -> Self {
        self.total_size = v.into();
        self
    }
}

impl wkt::message::Message for ListCryptoKeyVersionsResponse {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.ListCryptoKeyVersionsResponse"
    }
}

#[doc(hidden)]
impl gax::paginator::internal::PageableResponse for ListCryptoKeyVersionsResponse {
    type PageItem = crate::model::CryptoKeyVersion;

    fn items(self) -> std::vec::Vec<Self::PageItem> {
        self.crypto_key_versions
    }

    fn next_page_token(&self) -> std::string::String {
        use std::clone::Clone;
        self.next_page_token.clone()
    }
}

/// Response message for
/// [KeyManagementService.ListImportJobs][google.cloud.kms.v1.KeyManagementService.ListImportJobs].
///
/// [google.cloud.kms.v1.KeyManagementService.ListImportJobs]: crate::client::KeyManagementService::list_import_jobs
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct ListImportJobsResponse {
    /// The list of [ImportJobs][google.cloud.kms.v1.ImportJob].
    ///
    /// [google.cloud.kms.v1.ImportJob]: crate::model::ImportJob
    pub import_jobs: std::vec::Vec<crate::model::ImportJob>,

    /// A token to retrieve next page of results. Pass this value in
    /// [ListImportJobsRequest.page_token][google.cloud.kms.v1.ListImportJobsRequest.page_token]
    /// to retrieve the next page of results.
    ///
    /// [google.cloud.kms.v1.ListImportJobsRequest.page_token]: crate::model::ListImportJobsRequest::page_token
    pub next_page_token: std::string::String,

    /// The total number of [ImportJobs][google.cloud.kms.v1.ImportJob] that
    /// matched the query.
    ///
    /// This field is not populated if
    /// [ListImportJobsRequest.filter][google.cloud.kms.v1.ListImportJobsRequest.filter]
    /// is applied.
    ///
    /// [google.cloud.kms.v1.ImportJob]: crate::model::ImportJob
    /// [google.cloud.kms.v1.ListImportJobsRequest.filter]: crate::model::ListImportJobsRequest::filter
    pub total_size: i32,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl ListImportJobsResponse {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [import_jobs][crate::model::ListImportJobsResponse::import_jobs].
    pub fn set_import_jobs<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<crate::model::ImportJob>,
    {
        use std::iter::Iterator;
        self.import_jobs = v.into_iter().map(|i| i.into()).collect();
        self
    }

    /// Sets the value of [next_page_token][crate::model::ListImportJobsResponse::next_page_token].
    pub fn set_next_page_token<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.next_page_token = v.into();
        self
    }

    /// Sets the value of [total_size][crate::model::ListImportJobsResponse::total_size].
    pub fn set_total_size<T: std::convert::Into<i32>>(mut self, v: T) -> Self {
        self.total_size = v.into();
        self
    }
}

impl wkt::message::Message for ListImportJobsResponse {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.ListImportJobsResponse"
    }
}

#[doc(hidden)]
impl gax::paginator::internal::PageableResponse for ListImportJobsResponse {
    type PageItem = crate::model::ImportJob;

    fn items(self) -> std::vec::Vec<Self::PageItem> {
        self.import_jobs
    }

    fn next_page_token(&self) -> std::string::String {
        use std::clone::Clone;
        self.next_page_token.clone()
    }
}

/// Request message for
/// [KeyManagementService.GetKeyRing][google.cloud.kms.v1.KeyManagementService.GetKeyRing].
///
/// [google.cloud.kms.v1.KeyManagementService.GetKeyRing]: crate::client::KeyManagementService::get_key_ring
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct GetKeyRingRequest {
    /// Required. The [name][google.cloud.kms.v1.KeyRing.name] of the
    /// [KeyRing][google.cloud.kms.v1.KeyRing] to get.
    ///
    /// [google.cloud.kms.v1.KeyRing]: crate::model::KeyRing
    /// [google.cloud.kms.v1.KeyRing.name]: crate::model::KeyRing::name
    pub name: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl GetKeyRingRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::GetKeyRingRequest::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }
}

impl wkt::message::Message for GetKeyRingRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.GetKeyRingRequest"
    }
}

/// Request message for
/// [KeyManagementService.GetCryptoKey][google.cloud.kms.v1.KeyManagementService.GetCryptoKey].
///
/// [google.cloud.kms.v1.KeyManagementService.GetCryptoKey]: crate::client::KeyManagementService::get_crypto_key
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct GetCryptoKeyRequest {
    /// Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the
    /// [CryptoKey][google.cloud.kms.v1.CryptoKey] to get.
    ///
    /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
    /// [google.cloud.kms.v1.CryptoKey.name]: crate::model::CryptoKey::name
    pub name: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl GetCryptoKeyRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::GetCryptoKeyRequest::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }
}

impl wkt::message::Message for GetCryptoKeyRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.GetCryptoKeyRequest"
    }
}

/// Request message for
/// [KeyManagementService.GetCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.GetCryptoKeyVersion].
///
/// [google.cloud.kms.v1.KeyManagementService.GetCryptoKeyVersion]: crate::client::KeyManagementService::get_crypto_key_version
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct GetCryptoKeyVersionRequest {
    /// Required. The [name][google.cloud.kms.v1.CryptoKeyVersion.name] of the
    /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to get.
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    /// [google.cloud.kms.v1.CryptoKeyVersion.name]: crate::model::CryptoKeyVersion::name
    pub name: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl GetCryptoKeyVersionRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::GetCryptoKeyVersionRequest::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }
}

impl wkt::message::Message for GetCryptoKeyVersionRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.GetCryptoKeyVersionRequest"
    }
}

/// Request message for
/// [KeyManagementService.GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
///
/// [google.cloud.kms.v1.KeyManagementService.GetPublicKey]: crate::client::KeyManagementService::get_public_key
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct GetPublicKeyRequest {
    /// Required. The [name][google.cloud.kms.v1.CryptoKeyVersion.name] of the
    /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] public key to get.
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    /// [google.cloud.kms.v1.CryptoKeyVersion.name]: crate::model::CryptoKeyVersion::name
    pub name: std::string::String,

    /// Optional. The [PublicKey][google.cloud.kms.v1.PublicKey] format specified
    /// by the user. This field is required for PQC algorithms. If specified, the
    /// public key will be exported through the
    /// [public_key][google.cloud.kms.v1.PublicKey.public_key] field in the
    /// requested format. Otherwise, the [pem][google.cloud.kms.v1.PublicKey.pem]
    /// field will be populated for non-PQC algorithms, and an error will be
    /// returned for PQC algorithms.
    ///
    /// [google.cloud.kms.v1.PublicKey]: crate::model::PublicKey
    /// [google.cloud.kms.v1.PublicKey.pem]: crate::model::PublicKey::pem
    /// [google.cloud.kms.v1.PublicKey.public_key]: crate::model::PublicKey::public_key
    pub public_key_format: crate::model::public_key::PublicKeyFormat,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl GetPublicKeyRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::GetPublicKeyRequest::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }

    /// Sets the value of [public_key_format][crate::model::GetPublicKeyRequest::public_key_format].
    pub fn set_public_key_format<
        T: std::convert::Into<crate::model::public_key::PublicKeyFormat>,
    >(
        mut self,
        v: T,
    ) -> Self {
        self.public_key_format = v.into();
        self
    }
}

impl wkt::message::Message for GetPublicKeyRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.GetPublicKeyRequest"
    }
}

/// Request message for
/// [KeyManagementService.GetImportJob][google.cloud.kms.v1.KeyManagementService.GetImportJob].
///
/// [google.cloud.kms.v1.KeyManagementService.GetImportJob]: crate::client::KeyManagementService::get_import_job
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct GetImportJobRequest {
    /// Required. The [name][google.cloud.kms.v1.ImportJob.name] of the
    /// [ImportJob][google.cloud.kms.v1.ImportJob] to get.
    ///
    /// [google.cloud.kms.v1.ImportJob]: crate::model::ImportJob
    /// [google.cloud.kms.v1.ImportJob.name]: crate::model::ImportJob::name
    pub name: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl GetImportJobRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::GetImportJobRequest::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }
}

impl wkt::message::Message for GetImportJobRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.GetImportJobRequest"
    }
}

/// Request message for
/// [KeyManagementService.CreateKeyRing][google.cloud.kms.v1.KeyManagementService.CreateKeyRing].
///
/// [google.cloud.kms.v1.KeyManagementService.CreateKeyRing]: crate::client::KeyManagementService::create_key_ring
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct CreateKeyRingRequest {
    /// Required. The resource name of the location associated with the
    /// [KeyRings][google.cloud.kms.v1.KeyRing], in the format
    /// `projects/*/locations/*`.
    ///
    /// [google.cloud.kms.v1.KeyRing]: crate::model::KeyRing
    pub parent: std::string::String,

    /// Required. It must be unique within a location and match the regular
    /// expression `[a-zA-Z0-9_-]{1,63}`
    pub key_ring_id: std::string::String,

    /// Required. A [KeyRing][google.cloud.kms.v1.KeyRing] with initial field
    /// values.
    ///
    /// [google.cloud.kms.v1.KeyRing]: crate::model::KeyRing
    pub key_ring: std::option::Option<crate::model::KeyRing>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl CreateKeyRingRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [parent][crate::model::CreateKeyRingRequest::parent].
    pub fn set_parent<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.parent = v.into();
        self
    }

    /// Sets the value of [key_ring_id][crate::model::CreateKeyRingRequest::key_ring_id].
    pub fn set_key_ring_id<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.key_ring_id = v.into();
        self
    }

    /// Sets the value of [key_ring][crate::model::CreateKeyRingRequest::key_ring].
    pub fn set_key_ring<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::KeyRing>,
    {
        self.key_ring = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [key_ring][crate::model::CreateKeyRingRequest::key_ring].
    pub fn set_or_clear_key_ring<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::KeyRing>,
    {
        self.key_ring = v.map(|x| x.into());
        self
    }
}

impl wkt::message::Message for CreateKeyRingRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.CreateKeyRingRequest"
    }
}

/// Request message for
/// [KeyManagementService.CreateCryptoKey][google.cloud.kms.v1.KeyManagementService.CreateCryptoKey].
///
/// [google.cloud.kms.v1.KeyManagementService.CreateCryptoKey]: crate::client::KeyManagementService::create_crypto_key
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct CreateCryptoKeyRequest {
    /// Required. The [name][google.cloud.kms.v1.KeyRing.name] of the KeyRing
    /// associated with the [CryptoKeys][google.cloud.kms.v1.CryptoKey].
    ///
    /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
    /// [google.cloud.kms.v1.KeyRing.name]: crate::model::KeyRing::name
    pub parent: std::string::String,

    /// Required. It must be unique within a KeyRing and match the regular
    /// expression `[a-zA-Z0-9_-]{1,63}`
    pub crypto_key_id: std::string::String,

    /// Required. A [CryptoKey][google.cloud.kms.v1.CryptoKey] with initial field
    /// values.
    ///
    /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
    pub crypto_key: std::option::Option<crate::model::CryptoKey>,

    /// If set to true, the request will create a
    /// [CryptoKey][google.cloud.kms.v1.CryptoKey] without any
    /// [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion]. You must
    /// manually call
    /// [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion]
    /// or
    /// [ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion]
    /// before you can use this [CryptoKey][google.cloud.kms.v1.CryptoKey].
    ///
    /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    /// [google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion]: crate::client::KeyManagementService::create_crypto_key_version
    /// [google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion]: crate::client::KeyManagementService::import_crypto_key_version
    pub skip_initial_version_creation: bool,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl CreateCryptoKeyRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [parent][crate::model::CreateCryptoKeyRequest::parent].
    pub fn set_parent<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.parent = v.into();
        self
    }

    /// Sets the value of [crypto_key_id][crate::model::CreateCryptoKeyRequest::crypto_key_id].
    pub fn set_crypto_key_id<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.crypto_key_id = v.into();
        self
    }

    /// Sets the value of [crypto_key][crate::model::CreateCryptoKeyRequest::crypto_key].
    pub fn set_crypto_key<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::CryptoKey>,
    {
        self.crypto_key = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [crypto_key][crate::model::CreateCryptoKeyRequest::crypto_key].
    pub fn set_or_clear_crypto_key<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::CryptoKey>,
    {
        self.crypto_key = v.map(|x| x.into());
        self
    }

    /// Sets the value of [skip_initial_version_creation][crate::model::CreateCryptoKeyRequest::skip_initial_version_creation].
    pub fn set_skip_initial_version_creation<T: std::convert::Into<bool>>(mut self, v: T) -> Self {
        self.skip_initial_version_creation = v.into();
        self
    }
}

impl wkt::message::Message for CreateCryptoKeyRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.CreateCryptoKeyRequest"
    }
}

/// Request message for
/// [KeyManagementService.CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion].
///
/// [google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion]: crate::client::KeyManagementService::create_crypto_key_version
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct CreateCryptoKeyVersionRequest {
    /// Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the
    /// [CryptoKey][google.cloud.kms.v1.CryptoKey] associated with the
    /// [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion].
    ///
    /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
    /// [google.cloud.kms.v1.CryptoKey.name]: crate::model::CryptoKey::name
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    pub parent: std::string::String,

    /// Required. A [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with
    /// initial field values.
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    pub crypto_key_version: std::option::Option<crate::model::CryptoKeyVersion>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl CreateCryptoKeyVersionRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [parent][crate::model::CreateCryptoKeyVersionRequest::parent].
    pub fn set_parent<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.parent = v.into();
        self
    }

    /// Sets the value of [crypto_key_version][crate::model::CreateCryptoKeyVersionRequest::crypto_key_version].
    pub fn set_crypto_key_version<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::CryptoKeyVersion>,
    {
        self.crypto_key_version = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [crypto_key_version][crate::model::CreateCryptoKeyVersionRequest::crypto_key_version].
    pub fn set_or_clear_crypto_key_version<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::CryptoKeyVersion>,
    {
        self.crypto_key_version = v.map(|x| x.into());
        self
    }
}

impl wkt::message::Message for CreateCryptoKeyVersionRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.CreateCryptoKeyVersionRequest"
    }
}

/// Request message for
/// [KeyManagementService.ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion].
///
/// [google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion]: crate::client::KeyManagementService::import_crypto_key_version
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct ImportCryptoKeyVersionRequest {
    /// Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the
    /// [CryptoKey][google.cloud.kms.v1.CryptoKey] to be imported into.
    ///
    /// The create permission is only required on this key when creating a new
    /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
    ///
    /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
    /// [google.cloud.kms.v1.CryptoKey.name]: crate::model::CryptoKey::name
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    pub parent: std::string::String,

    /// Optional. The optional [name][google.cloud.kms.v1.CryptoKeyVersion.name] of
    /// an existing [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to
    /// target for an import operation. If this field is not present, a new
    /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] containing the
    /// supplied key material is created.
    ///
    /// If this field is present, the supplied key material is imported into
    /// the existing [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. To
    /// import into an existing
    /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], the
    /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] must be a child of
    /// [ImportCryptoKeyVersionRequest.parent][google.cloud.kms.v1.ImportCryptoKeyVersionRequest.parent],
    /// have been previously created via
    /// [ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion],
    /// and be in
    /// [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED]
    /// or
    /// [IMPORT_FAILED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.IMPORT_FAILED]
    /// state. The key material and algorithm must match the previous
    /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] exactly if the
    /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] has ever contained
    /// key material.
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    /// [google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED]: crate::model::crypto_key_version::CryptoKeyVersionState::Destroyed
    /// [google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.IMPORT_FAILED]: crate::model::crypto_key_version::CryptoKeyVersionState::ImportFailed
    /// [google.cloud.kms.v1.CryptoKeyVersion.name]: crate::model::CryptoKeyVersion::name
    /// [google.cloud.kms.v1.ImportCryptoKeyVersionRequest.parent]: crate::model::ImportCryptoKeyVersionRequest::parent
    /// [google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion]: crate::client::KeyManagementService::import_crypto_key_version
    pub crypto_key_version: std::string::String,

    /// Required. The
    /// [algorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm]
    /// of the key being imported. This does not need to match the
    /// [version_template][google.cloud.kms.v1.CryptoKey.version_template] of the
    /// [CryptoKey][google.cloud.kms.v1.CryptoKey] this version imports into.
    ///
    /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
    /// [google.cloud.kms.v1.CryptoKey.version_template]: crate::model::CryptoKey::version_template
    /// [google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm]: crate::model::crypto_key_version::CryptoKeyVersionAlgorithm
    pub algorithm: crate::model::crypto_key_version::CryptoKeyVersionAlgorithm,

    /// Required. The [name][google.cloud.kms.v1.ImportJob.name] of the
    /// [ImportJob][google.cloud.kms.v1.ImportJob] that was used to wrap this key
    /// material.
    ///
    /// [google.cloud.kms.v1.ImportJob]: crate::model::ImportJob
    /// [google.cloud.kms.v1.ImportJob.name]: crate::model::ImportJob::name
    pub import_job: std::string::String,

    /// Optional. The wrapped key material to import.
    ///
    /// Before wrapping, key material must be formatted. If importing symmetric key
    /// material, the expected key material format is plain bytes. If importing
    /// asymmetric key material, the expected key material format is PKCS#8-encoded
    /// DER (the PrivateKeyInfo structure from RFC 5208).
    ///
    /// When wrapping with import methods
    /// ([RSA_OAEP_3072_SHA1_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_3072_SHA1_AES_256]
    /// or
    /// [RSA_OAEP_4096_SHA1_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_4096_SHA1_AES_256]
    /// or
    /// [RSA_OAEP_3072_SHA256_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_3072_SHA256_AES_256]
    /// or
    /// [RSA_OAEP_4096_SHA256_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_4096_SHA256_AES_256]),
    ///
    /// this field must contain the concatenation of:
    ///
    /// This format is the same as the format produced by PKCS#11 mechanism
    /// CKM_RSA_AES_KEY_WRAP.
    ///
    /// When wrapping with import methods
    /// ([RSA_OAEP_3072_SHA256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_3072_SHA256]
    /// or
    /// [RSA_OAEP_4096_SHA256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_4096_SHA256]),
    ///
    /// this field must contain the formatted key to be imported, wrapped with the
    /// [public_key][google.cloud.kms.v1.ImportJob.public_key] using RSAES-OAEP
    /// with SHA-256, MGF1 with SHA-256, and an empty label.
    ///
    /// [google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_3072_SHA1_AES_256]: crate::model::import_job::ImportMethod::RsaOaep3072Sha1Aes256
    /// [google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_3072_SHA256]: crate::model::import_job::ImportMethod::RsaOaep3072Sha256
    /// [google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_3072_SHA256_AES_256]: crate::model::import_job::ImportMethod::RsaOaep3072Sha256Aes256
    /// [google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_4096_SHA1_AES_256]: crate::model::import_job::ImportMethod::RsaOaep4096Sha1Aes256
    /// [google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_4096_SHA256]: crate::model::import_job::ImportMethod::RsaOaep4096Sha256
    /// [google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_4096_SHA256_AES_256]: crate::model::import_job::ImportMethod::RsaOaep4096Sha256Aes256
    /// [google.cloud.kms.v1.ImportJob.public_key]: crate::model::ImportJob::public_key
    pub wrapped_key: ::bytes::Bytes,

    /// This field is legacy. Use the field
    /// [wrapped_key][google.cloud.kms.v1.ImportCryptoKeyVersionRequest.wrapped_key]
    /// instead.
    ///
    /// [google.cloud.kms.v1.ImportCryptoKeyVersionRequest.wrapped_key]: crate::model::ImportCryptoKeyVersionRequest::wrapped_key
    pub wrapped_key_material:
        std::option::Option<crate::model::import_crypto_key_version_request::WrappedKeyMaterial>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl ImportCryptoKeyVersionRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [parent][crate::model::ImportCryptoKeyVersionRequest::parent].
    pub fn set_parent<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.parent = v.into();
        self
    }

    /// Sets the value of [crypto_key_version][crate::model::ImportCryptoKeyVersionRequest::crypto_key_version].
    pub fn set_crypto_key_version<T: std::convert::Into<std::string::String>>(
        mut self,
        v: T,
    ) -> Self {
        self.crypto_key_version = v.into();
        self
    }

    /// Sets the value of [algorithm][crate::model::ImportCryptoKeyVersionRequest::algorithm].
    pub fn set_algorithm<
        T: std::convert::Into<crate::model::crypto_key_version::CryptoKeyVersionAlgorithm>,
    >(
        mut self,
        v: T,
    ) -> Self {
        self.algorithm = v.into();
        self
    }

    /// Sets the value of [import_job][crate::model::ImportCryptoKeyVersionRequest::import_job].
    pub fn set_import_job<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.import_job = v.into();
        self
    }

    /// Sets the value of [wrapped_key][crate::model::ImportCryptoKeyVersionRequest::wrapped_key].
    pub fn set_wrapped_key<T: std::convert::Into<::bytes::Bytes>>(mut self, v: T) -> Self {
        self.wrapped_key = v.into();
        self
    }

    /// Sets the value of [wrapped_key_material][crate::model::ImportCryptoKeyVersionRequest::wrapped_key_material].
    ///
    /// Note that all the setters affecting `wrapped_key_material` are mutually
    /// exclusive.
    pub fn set_wrapped_key_material<
        T: std::convert::Into<
                std::option::Option<
                    crate::model::import_crypto_key_version_request::WrappedKeyMaterial,
                >,
            >,
    >(
        mut self,
        v: T,
    ) -> Self {
        self.wrapped_key_material = v.into();
        self
    }

    /// The value of [wrapped_key_material][crate::model::ImportCryptoKeyVersionRequest::wrapped_key_material]
    /// if it holds a `RsaAesWrappedKey`, `None` if the field is not set or
    /// holds a different branch.
    pub fn rsa_aes_wrapped_key(&self) -> std::option::Option<&::bytes::Bytes> {
        #[allow(unreachable_patterns)]
        self.wrapped_key_material.as_ref().and_then(|v| match v {
            crate::model::import_crypto_key_version_request::WrappedKeyMaterial::RsaAesWrappedKey(v) => std::option::Option::Some(v),
            _ => std::option::Option::None,
        })
    }

    /// Sets the value of [wrapped_key_material][crate::model::ImportCryptoKeyVersionRequest::wrapped_key_material]
    /// to hold a `RsaAesWrappedKey`.
    ///
    /// Note that all the setters affecting `wrapped_key_material` are
    /// mutually exclusive.
    pub fn set_rsa_aes_wrapped_key<T: std::convert::Into<::bytes::Bytes>>(mut self, v: T) -> Self {
        self.wrapped_key_material = std::option::Option::Some(
            crate::model::import_crypto_key_version_request::WrappedKeyMaterial::RsaAesWrappedKey(
                v.into(),
            ),
        );
        self
    }
}

impl wkt::message::Message for ImportCryptoKeyVersionRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.ImportCryptoKeyVersionRequest"
    }
}

/// Defines additional types related to [ImportCryptoKeyVersionRequest].
pub mod import_crypto_key_version_request {
    #[allow(unused_imports)]
    use super::*;

    /// This field is legacy. Use the field
    /// [wrapped_key][google.cloud.kms.v1.ImportCryptoKeyVersionRequest.wrapped_key]
    /// instead.
    ///
    /// [google.cloud.kms.v1.ImportCryptoKeyVersionRequest.wrapped_key]: crate::model::ImportCryptoKeyVersionRequest::wrapped_key
    #[derive(Clone, Debug, PartialEq)]
    #[non_exhaustive]
    pub enum WrappedKeyMaterial {
        /// Optional. This field has the same meaning as
        /// [wrapped_key][google.cloud.kms.v1.ImportCryptoKeyVersionRequest.wrapped_key].
        /// Prefer to use that field in new work. Either that field or this field
        /// (but not both) must be specified.
        ///
        /// [google.cloud.kms.v1.ImportCryptoKeyVersionRequest.wrapped_key]: crate::model::ImportCryptoKeyVersionRequest::wrapped_key
        RsaAesWrappedKey(::bytes::Bytes),
    }
}

/// Request message for
/// [KeyManagementService.CreateImportJob][google.cloud.kms.v1.KeyManagementService.CreateImportJob].
///
/// [google.cloud.kms.v1.KeyManagementService.CreateImportJob]: crate::client::KeyManagementService::create_import_job
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct CreateImportJobRequest {
    /// Required. The [name][google.cloud.kms.v1.KeyRing.name] of the
    /// [KeyRing][google.cloud.kms.v1.KeyRing] associated with the
    /// [ImportJobs][google.cloud.kms.v1.ImportJob].
    ///
    /// [google.cloud.kms.v1.ImportJob]: crate::model::ImportJob
    /// [google.cloud.kms.v1.KeyRing]: crate::model::KeyRing
    /// [google.cloud.kms.v1.KeyRing.name]: crate::model::KeyRing::name
    pub parent: std::string::String,

    /// Required. It must be unique within a KeyRing and match the regular
    /// expression `[a-zA-Z0-9_-]{1,63}`
    pub import_job_id: std::string::String,

    /// Required. An [ImportJob][google.cloud.kms.v1.ImportJob] with initial field
    /// values.
    ///
    /// [google.cloud.kms.v1.ImportJob]: crate::model::ImportJob
    pub import_job: std::option::Option<crate::model::ImportJob>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl CreateImportJobRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [parent][crate::model::CreateImportJobRequest::parent].
    pub fn set_parent<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.parent = v.into();
        self
    }

    /// Sets the value of [import_job_id][crate::model::CreateImportJobRequest::import_job_id].
    pub fn set_import_job_id<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.import_job_id = v.into();
        self
    }

    /// Sets the value of [import_job][crate::model::CreateImportJobRequest::import_job].
    pub fn set_import_job<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::ImportJob>,
    {
        self.import_job = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [import_job][crate::model::CreateImportJobRequest::import_job].
    pub fn set_or_clear_import_job<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::ImportJob>,
    {
        self.import_job = v.map(|x| x.into());
        self
    }
}

impl wkt::message::Message for CreateImportJobRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.CreateImportJobRequest"
    }
}

/// Request message for
/// [KeyManagementService.UpdateCryptoKey][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKey].
///
/// [google.cloud.kms.v1.KeyManagementService.UpdateCryptoKey]: crate::client::KeyManagementService::update_crypto_key
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct UpdateCryptoKeyRequest {
    /// Required. [CryptoKey][google.cloud.kms.v1.CryptoKey] with updated values.
    ///
    /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
    pub crypto_key: std::option::Option<crate::model::CryptoKey>,

    /// Required. List of fields to be updated in this request.
    pub update_mask: std::option::Option<wkt::FieldMask>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl UpdateCryptoKeyRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [crypto_key][crate::model::UpdateCryptoKeyRequest::crypto_key].
    pub fn set_crypto_key<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::CryptoKey>,
    {
        self.crypto_key = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [crypto_key][crate::model::UpdateCryptoKeyRequest::crypto_key].
    pub fn set_or_clear_crypto_key<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::CryptoKey>,
    {
        self.crypto_key = v.map(|x| x.into());
        self
    }

    /// Sets the value of [update_mask][crate::model::UpdateCryptoKeyRequest::update_mask].
    pub fn set_update_mask<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::FieldMask>,
    {
        self.update_mask = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [update_mask][crate::model::UpdateCryptoKeyRequest::update_mask].
    pub fn set_or_clear_update_mask<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::FieldMask>,
    {
        self.update_mask = v.map(|x| x.into());
        self
    }
}

impl wkt::message::Message for UpdateCryptoKeyRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.UpdateCryptoKeyRequest"
    }
}

/// Request message for
/// [KeyManagementService.UpdateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyVersion].
///
/// [google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyVersion]: crate::client::KeyManagementService::update_crypto_key_version
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct UpdateCryptoKeyVersionRequest {
    /// Required. [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with
    /// updated values.
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    pub crypto_key_version: std::option::Option<crate::model::CryptoKeyVersion>,

    /// Required. List of fields to be updated in this request.
    pub update_mask: std::option::Option<wkt::FieldMask>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl UpdateCryptoKeyVersionRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [crypto_key_version][crate::model::UpdateCryptoKeyVersionRequest::crypto_key_version].
    pub fn set_crypto_key_version<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::CryptoKeyVersion>,
    {
        self.crypto_key_version = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [crypto_key_version][crate::model::UpdateCryptoKeyVersionRequest::crypto_key_version].
    pub fn set_or_clear_crypto_key_version<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::CryptoKeyVersion>,
    {
        self.crypto_key_version = v.map(|x| x.into());
        self
    }

    /// Sets the value of [update_mask][crate::model::UpdateCryptoKeyVersionRequest::update_mask].
    pub fn set_update_mask<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::FieldMask>,
    {
        self.update_mask = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [update_mask][crate::model::UpdateCryptoKeyVersionRequest::update_mask].
    pub fn set_or_clear_update_mask<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::FieldMask>,
    {
        self.update_mask = v.map(|x| x.into());
        self
    }
}

impl wkt::message::Message for UpdateCryptoKeyVersionRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.UpdateCryptoKeyVersionRequest"
    }
}

/// Request message for
/// [KeyManagementService.UpdateCryptoKeyPrimaryVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyPrimaryVersion].
///
/// [google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyPrimaryVersion]: crate::client::KeyManagementService::update_crypto_key_primary_version
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct UpdateCryptoKeyPrimaryVersionRequest {
    /// Required. The resource name of the
    /// [CryptoKey][google.cloud.kms.v1.CryptoKey] to update.
    ///
    /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
    pub name: std::string::String,

    /// Required. The id of the child
    /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use as primary.
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    pub crypto_key_version_id: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl UpdateCryptoKeyPrimaryVersionRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::UpdateCryptoKeyPrimaryVersionRequest::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }

    /// Sets the value of [crypto_key_version_id][crate::model::UpdateCryptoKeyPrimaryVersionRequest::crypto_key_version_id].
    pub fn set_crypto_key_version_id<T: std::convert::Into<std::string::String>>(
        mut self,
        v: T,
    ) -> Self {
        self.crypto_key_version_id = v.into();
        self
    }
}

impl wkt::message::Message for UpdateCryptoKeyPrimaryVersionRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.UpdateCryptoKeyPrimaryVersionRequest"
    }
}

/// Request message for
/// [KeyManagementService.DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion].
///
/// [google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion]: crate::client::KeyManagementService::destroy_crypto_key_version
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct DestroyCryptoKeyVersionRequest {
    /// Required. The resource name of the
    /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to destroy.
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    pub name: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl DestroyCryptoKeyVersionRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::DestroyCryptoKeyVersionRequest::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }
}

impl wkt::message::Message for DestroyCryptoKeyVersionRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.DestroyCryptoKeyVersionRequest"
    }
}

/// Request message for
/// [KeyManagementService.RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion].
///
/// [google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]: crate::client::KeyManagementService::restore_crypto_key_version
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct RestoreCryptoKeyVersionRequest {
    /// Required. The resource name of the
    /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to restore.
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    pub name: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl RestoreCryptoKeyVersionRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::RestoreCryptoKeyVersionRequest::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }
}

impl wkt::message::Message for RestoreCryptoKeyVersionRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.RestoreCryptoKeyVersionRequest"
    }
}

/// Request message for
/// [KeyManagementService.Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].
///
/// [google.cloud.kms.v1.KeyManagementService.Encrypt]: crate::client::KeyManagementService::encrypt
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct EncryptRequest {
    /// Required. The resource name of the
    /// [CryptoKey][google.cloud.kms.v1.CryptoKey] or
    /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for
    /// encryption.
    ///
    /// If a [CryptoKey][google.cloud.kms.v1.CryptoKey] is specified, the server
    /// will use its [primary version][google.cloud.kms.v1.CryptoKey.primary].
    ///
    /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
    /// [google.cloud.kms.v1.CryptoKey.primary]: crate::model::CryptoKey::primary
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    pub name: std::string::String,

    /// Required. The data to encrypt. Must be no larger than 64KiB.
    ///
    /// The maximum size depends on the key version's
    /// [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level].
    /// For [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE],
    /// [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL], and
    /// [EXTERNAL_VPC][google.cloud.kms.v1.ProtectionLevel.EXTERNAL_VPC] keys, the
    /// plaintext must be no larger than 64KiB. For
    /// [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the combined length of
    /// the plaintext and additional_authenticated_data fields must be no larger
    /// than 8KiB.
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]: crate::model::CryptoKeyVersionTemplate::protection_level
    /// [google.cloud.kms.v1.ProtectionLevel.EXTERNAL]: crate::model::ProtectionLevel::External
    /// [google.cloud.kms.v1.ProtectionLevel.EXTERNAL_VPC]: crate::model::ProtectionLevel::ExternalVpc
    /// [google.cloud.kms.v1.ProtectionLevel.HSM]: crate::model::ProtectionLevel::Hsm
    /// [google.cloud.kms.v1.ProtectionLevel.SOFTWARE]: crate::model::ProtectionLevel::Software
    pub plaintext: ::bytes::Bytes,

    /// Optional. Optional data that, if specified, must also be provided during
    /// decryption through
    /// [DecryptRequest.additional_authenticated_data][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data].
    ///
    /// The maximum size depends on the key version's
    /// [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level].
    /// For [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE],
    /// [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL], and
    /// [EXTERNAL_VPC][google.cloud.kms.v1.ProtectionLevel.EXTERNAL_VPC] keys the
    /// AAD must be no larger than 64KiB. For
    /// [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the combined length of
    /// the plaintext and additional_authenticated_data fields must be no larger
    /// than 8KiB.
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]: crate::model::CryptoKeyVersionTemplate::protection_level
    /// [google.cloud.kms.v1.DecryptRequest.additional_authenticated_data]: crate::model::DecryptRequest::additional_authenticated_data
    /// [google.cloud.kms.v1.ProtectionLevel.EXTERNAL]: crate::model::ProtectionLevel::External
    /// [google.cloud.kms.v1.ProtectionLevel.EXTERNAL_VPC]: crate::model::ProtectionLevel::ExternalVpc
    /// [google.cloud.kms.v1.ProtectionLevel.HSM]: crate::model::ProtectionLevel::Hsm
    /// [google.cloud.kms.v1.ProtectionLevel.SOFTWARE]: crate::model::ProtectionLevel::Software
    pub additional_authenticated_data: ::bytes::Bytes,

    /// Optional. An optional CRC32C checksum of the
    /// [EncryptRequest.plaintext][google.cloud.kms.v1.EncryptRequest.plaintext].
    /// If specified,
    /// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
    /// verify the integrity of the received
    /// [EncryptRequest.plaintext][google.cloud.kms.v1.EncryptRequest.plaintext]
    /// using this checksum.
    /// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
    /// report an error if the checksum verification fails. If you receive a
    /// checksum error, your client should verify that
    /// CRC32C([EncryptRequest.plaintext][google.cloud.kms.v1.EncryptRequest.plaintext])
    /// is equal to
    /// [EncryptRequest.plaintext_crc32c][google.cloud.kms.v1.EncryptRequest.plaintext_crc32c],
    /// and if so, perform a limited number of retries. A persistent mismatch may
    /// indicate an issue in your computation of the CRC32C checksum. Note: This
    /// field is defined as int64 for reasons of compatibility across different
    /// languages. However, it is a non-negative integer, which will never exceed
    /// 2^32-1, and can be safely downconverted to uint32 in languages that support
    /// this type.
    ///
    /// [google.cloud.kms.v1.EncryptRequest.plaintext]: crate::model::EncryptRequest::plaintext
    /// [google.cloud.kms.v1.EncryptRequest.plaintext_crc32c]: crate::model::EncryptRequest::plaintext_crc32c
    /// [google.cloud.kms.v1.KeyManagementService]: crate::client::KeyManagementService
    pub plaintext_crc32c: std::option::Option<wkt::Int64Value>,

    /// Optional. An optional CRC32C checksum of the
    /// [EncryptRequest.additional_authenticated_data][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data].
    /// If specified,
    /// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
    /// verify the integrity of the received
    /// [EncryptRequest.additional_authenticated_data][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data]
    /// using this checksum.
    /// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
    /// report an error if the checksum verification fails. If you receive a
    /// checksum error, your client should verify that
    /// CRC32C([EncryptRequest.additional_authenticated_data][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data])
    /// is equal to
    /// [EncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c],
    /// and if so, perform a limited number of retries. A persistent mismatch may
    /// indicate an issue in your computation of the CRC32C checksum. Note: This
    /// field is defined as int64 for reasons of compatibility across different
    /// languages. However, it is a non-negative integer, which will never exceed
    /// 2^32-1, and can be safely downconverted to uint32 in languages that support
    /// this type.
    ///
    /// [google.cloud.kms.v1.EncryptRequest.additional_authenticated_data]: crate::model::EncryptRequest::additional_authenticated_data
    /// [google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c]: crate::model::EncryptRequest::additional_authenticated_data_crc32c
    /// [google.cloud.kms.v1.KeyManagementService]: crate::client::KeyManagementService
    pub additional_authenticated_data_crc32c: std::option::Option<wkt::Int64Value>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl EncryptRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::EncryptRequest::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }

    /// Sets the value of [plaintext][crate::model::EncryptRequest::plaintext].
    pub fn set_plaintext<T: std::convert::Into<::bytes::Bytes>>(mut self, v: T) -> Self {
        self.plaintext = v.into();
        self
    }

    /// Sets the value of [additional_authenticated_data][crate::model::EncryptRequest::additional_authenticated_data].
    pub fn set_additional_authenticated_data<T: std::convert::Into<::bytes::Bytes>>(
        mut self,
        v: T,
    ) -> Self {
        self.additional_authenticated_data = v.into();
        self
    }

    /// Sets the value of [plaintext_crc32c][crate::model::EncryptRequest::plaintext_crc32c].
    pub fn set_plaintext_crc32c<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Int64Value>,
    {
        self.plaintext_crc32c = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [plaintext_crc32c][crate::model::EncryptRequest::plaintext_crc32c].
    pub fn set_or_clear_plaintext_crc32c<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::Int64Value>,
    {
        self.plaintext_crc32c = v.map(|x| x.into());
        self
    }

    /// Sets the value of [additional_authenticated_data_crc32c][crate::model::EncryptRequest::additional_authenticated_data_crc32c].
    pub fn set_additional_authenticated_data_crc32c<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Int64Value>,
    {
        self.additional_authenticated_data_crc32c = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [additional_authenticated_data_crc32c][crate::model::EncryptRequest::additional_authenticated_data_crc32c].
    pub fn set_or_clear_additional_authenticated_data_crc32c<T>(
        mut self,
        v: std::option::Option<T>,
    ) -> Self
    where
        T: std::convert::Into<wkt::Int64Value>,
    {
        self.additional_authenticated_data_crc32c = v.map(|x| x.into());
        self
    }
}

impl wkt::message::Message for EncryptRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.EncryptRequest"
    }
}

/// Request message for
/// [KeyManagementService.Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt].
///
/// [google.cloud.kms.v1.KeyManagementService.Decrypt]: crate::client::KeyManagementService::decrypt
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct DecryptRequest {
    /// Required. The resource name of the
    /// [CryptoKey][google.cloud.kms.v1.CryptoKey] to use for decryption. The
    /// server will choose the appropriate version.
    ///
    /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
    pub name: std::string::String,

    /// Required. The encrypted data originally returned in
    /// [EncryptResponse.ciphertext][google.cloud.kms.v1.EncryptResponse.ciphertext].
    ///
    /// [google.cloud.kms.v1.EncryptResponse.ciphertext]: crate::model::EncryptResponse::ciphertext
    pub ciphertext: ::bytes::Bytes,

    /// Optional. Optional data that must match the data originally supplied in
    /// [EncryptRequest.additional_authenticated_data][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data].
    ///
    /// [google.cloud.kms.v1.EncryptRequest.additional_authenticated_data]: crate::model::EncryptRequest::additional_authenticated_data
    pub additional_authenticated_data: ::bytes::Bytes,

    /// Optional. An optional CRC32C checksum of the
    /// [DecryptRequest.ciphertext][google.cloud.kms.v1.DecryptRequest.ciphertext].
    /// If specified,
    /// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
    /// verify the integrity of the received
    /// [DecryptRequest.ciphertext][google.cloud.kms.v1.DecryptRequest.ciphertext]
    /// using this checksum.
    /// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
    /// report an error if the checksum verification fails. If you receive a
    /// checksum error, your client should verify that
    /// CRC32C([DecryptRequest.ciphertext][google.cloud.kms.v1.DecryptRequest.ciphertext])
    /// is equal to
    /// [DecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.DecryptRequest.ciphertext_crc32c],
    /// and if so, perform a limited number of retries. A persistent mismatch may
    /// indicate an issue in your computation of the CRC32C checksum. Note: This
    /// field is defined as int64 for reasons of compatibility across different
    /// languages. However, it is a non-negative integer, which will never exceed
    /// 2^32-1, and can be safely downconverted to uint32 in languages that support
    /// this type.
    ///
    /// [google.cloud.kms.v1.DecryptRequest.ciphertext]: crate::model::DecryptRequest::ciphertext
    /// [google.cloud.kms.v1.DecryptRequest.ciphertext_crc32c]: crate::model::DecryptRequest::ciphertext_crc32c
    /// [google.cloud.kms.v1.KeyManagementService]: crate::client::KeyManagementService
    pub ciphertext_crc32c: std::option::Option<wkt::Int64Value>,

    /// Optional. An optional CRC32C checksum of the
    /// [DecryptRequest.additional_authenticated_data][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data].
    /// If specified,
    /// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
    /// verify the integrity of the received
    /// [DecryptRequest.additional_authenticated_data][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data]
    /// using this checksum.
    /// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
    /// report an error if the checksum verification fails. If you receive a
    /// checksum error, your client should verify that
    /// CRC32C([DecryptRequest.additional_authenticated_data][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data])
    /// is equal to
    /// [DecryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data_crc32c],
    /// and if so, perform a limited number of retries. A persistent mismatch may
    /// indicate an issue in your computation of the CRC32C checksum. Note: This
    /// field is defined as int64 for reasons of compatibility across different
    /// languages. However, it is a non-negative integer, which will never exceed
    /// 2^32-1, and can be safely downconverted to uint32 in languages that support
    /// this type.
    ///
    /// [google.cloud.kms.v1.DecryptRequest.additional_authenticated_data]: crate::model::DecryptRequest::additional_authenticated_data
    /// [google.cloud.kms.v1.DecryptRequest.additional_authenticated_data_crc32c]: crate::model::DecryptRequest::additional_authenticated_data_crc32c
    /// [google.cloud.kms.v1.KeyManagementService]: crate::client::KeyManagementService
    pub additional_authenticated_data_crc32c: std::option::Option<wkt::Int64Value>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl DecryptRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::DecryptRequest::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }

    /// Sets the value of [ciphertext][crate::model::DecryptRequest::ciphertext].
    pub fn set_ciphertext<T: std::convert::Into<::bytes::Bytes>>(mut self, v: T) -> Self {
        self.ciphertext = v.into();
        self
    }

    /// Sets the value of [additional_authenticated_data][crate::model::DecryptRequest::additional_authenticated_data].
    pub fn set_additional_authenticated_data<T: std::convert::Into<::bytes::Bytes>>(
        mut self,
        v: T,
    ) -> Self {
        self.additional_authenticated_data = v.into();
        self
    }

    /// Sets the value of [ciphertext_crc32c][crate::model::DecryptRequest::ciphertext_crc32c].
    pub fn set_ciphertext_crc32c<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Int64Value>,
    {
        self.ciphertext_crc32c = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [ciphertext_crc32c][crate::model::DecryptRequest::ciphertext_crc32c].
    pub fn set_or_clear_ciphertext_crc32c<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::Int64Value>,
    {
        self.ciphertext_crc32c = v.map(|x| x.into());
        self
    }

    /// Sets the value of [additional_authenticated_data_crc32c][crate::model::DecryptRequest::additional_authenticated_data_crc32c].
    pub fn set_additional_authenticated_data_crc32c<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Int64Value>,
    {
        self.additional_authenticated_data_crc32c = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [additional_authenticated_data_crc32c][crate::model::DecryptRequest::additional_authenticated_data_crc32c].
    pub fn set_or_clear_additional_authenticated_data_crc32c<T>(
        mut self,
        v: std::option::Option<T>,
    ) -> Self
    where
        T: std::convert::Into<wkt::Int64Value>,
    {
        self.additional_authenticated_data_crc32c = v.map(|x| x.into());
        self
    }
}

impl wkt::message::Message for DecryptRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.DecryptRequest"
    }
}

/// Request message for
/// [KeyManagementService.RawEncrypt][google.cloud.kms.v1.KeyManagementService.RawEncrypt].
///
/// [google.cloud.kms.v1.KeyManagementService.RawEncrypt]: crate::client::KeyManagementService::raw_encrypt
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct RawEncryptRequest {
    /// Required. The resource name of the
    /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for
    /// encryption.
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    pub name: std::string::String,

    /// Required. The data to encrypt. Must be no larger than 64KiB.
    ///
    /// The maximum size depends on the key version's
    /// [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level].
    /// For [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE] keys, the
    /// plaintext must be no larger than 64KiB. For
    /// [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the combined length of
    /// the plaintext and additional_authenticated_data fields must be no larger
    /// than 8KiB.
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]: crate::model::CryptoKeyVersionTemplate::protection_level
    /// [google.cloud.kms.v1.ProtectionLevel.HSM]: crate::model::ProtectionLevel::Hsm
    /// [google.cloud.kms.v1.ProtectionLevel.SOFTWARE]: crate::model::ProtectionLevel::Software
    pub plaintext: ::bytes::Bytes,

    /// Optional. Optional data that, if specified, must also be provided during
    /// decryption through
    /// [RawDecryptRequest.additional_authenticated_data][google.cloud.kms.v1.RawDecryptRequest.additional_authenticated_data].
    ///
    /// This field may only be used in conjunction with an
    /// [algorithm][google.cloud.kms.v1.CryptoKeyVersion.algorithm] that accepts
    /// additional authenticated data (for example, AES-GCM).
    ///
    /// The maximum size depends on the key version's
    /// [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level].
    /// For [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE] keys, the
    /// plaintext must be no larger than 64KiB. For
    /// [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the combined length of
    /// the plaintext and additional_authenticated_data fields must be no larger
    /// than 8KiB.
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion.algorithm]: crate::model::CryptoKeyVersion::algorithm
    /// [google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]: crate::model::CryptoKeyVersionTemplate::protection_level
    /// [google.cloud.kms.v1.ProtectionLevel.HSM]: crate::model::ProtectionLevel::Hsm
    /// [google.cloud.kms.v1.ProtectionLevel.SOFTWARE]: crate::model::ProtectionLevel::Software
    /// [google.cloud.kms.v1.RawDecryptRequest.additional_authenticated_data]: crate::model::RawDecryptRequest::additional_authenticated_data
    pub additional_authenticated_data: ::bytes::Bytes,

    /// Optional. An optional CRC32C checksum of the
    /// [RawEncryptRequest.plaintext][google.cloud.kms.v1.RawEncryptRequest.plaintext].
    /// If specified,
    /// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
    /// verify the integrity of the received plaintext using this checksum.
    /// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
    /// report an error if the checksum verification fails. If you receive a
    /// checksum error, your client should verify that CRC32C(plaintext) is equal
    /// to plaintext_crc32c, and if so, perform a limited number of retries. A
    /// persistent mismatch may indicate an issue in your computation of the CRC32C
    /// checksum. Note: This field is defined as int64 for reasons of compatibility
    /// across different languages. However, it is a non-negative integer, which
    /// will never exceed 2^32-1, and can be safely downconverted to uint32 in
    /// languages that support this type.
    ///
    /// [google.cloud.kms.v1.KeyManagementService]: crate::client::KeyManagementService
    /// [google.cloud.kms.v1.RawEncryptRequest.plaintext]: crate::model::RawEncryptRequest::plaintext
    pub plaintext_crc32c: std::option::Option<wkt::Int64Value>,

    /// Optional. An optional CRC32C checksum of the
    /// [RawEncryptRequest.additional_authenticated_data][google.cloud.kms.v1.RawEncryptRequest.additional_authenticated_data].
    /// If specified,
    /// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
    /// verify the integrity of the received additional_authenticated_data using
    /// this checksum.
    /// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
    /// report an error if the checksum verification fails. If you receive a
    /// checksum error, your client should verify that
    /// CRC32C(additional_authenticated_data) is equal to
    /// additional_authenticated_data_crc32c, and if so, perform
    /// a limited number of retries. A persistent mismatch may indicate an issue in
    /// your computation of the CRC32C checksum.
    /// Note: This field is defined as int64 for reasons of compatibility across
    /// different languages. However, it is a non-negative integer, which will
    /// never exceed 2^32-1, and can be safely downconverted to uint32 in languages
    /// that support this type.
    ///
    /// [google.cloud.kms.v1.KeyManagementService]: crate::client::KeyManagementService
    /// [google.cloud.kms.v1.RawEncryptRequest.additional_authenticated_data]: crate::model::RawEncryptRequest::additional_authenticated_data
    pub additional_authenticated_data_crc32c: std::option::Option<wkt::Int64Value>,

    /// Optional. A customer-supplied initialization vector that will be used for
    /// encryption. If it is not provided for AES-CBC and AES-CTR, one will be
    /// generated. It will be returned in
    /// [RawEncryptResponse.initialization_vector][google.cloud.kms.v1.RawEncryptResponse.initialization_vector].
    ///
    /// [google.cloud.kms.v1.RawEncryptResponse.initialization_vector]: crate::model::RawEncryptResponse::initialization_vector
    pub initialization_vector: ::bytes::Bytes,

    /// Optional. An optional CRC32C checksum of the
    /// [RawEncryptRequest.initialization_vector][google.cloud.kms.v1.RawEncryptRequest.initialization_vector].
    /// If specified,
    /// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
    /// verify the integrity of the received initialization_vector using this
    /// checksum. [KeyManagementService][google.cloud.kms.v1.KeyManagementService]
    /// will report an error if the checksum verification fails. If you receive a
    /// checksum error, your client should verify that
    /// CRC32C(initialization_vector) is equal to
    /// initialization_vector_crc32c, and if so, perform
    /// a limited number of retries. A persistent mismatch may indicate an issue in
    /// your computation of the CRC32C checksum.
    /// Note: This field is defined as int64 for reasons of compatibility across
    /// different languages. However, it is a non-negative integer, which will
    /// never exceed 2^32-1, and can be safely downconverted to uint32 in languages
    /// that support this type.
    ///
    /// [google.cloud.kms.v1.KeyManagementService]: crate::client::KeyManagementService
    /// [google.cloud.kms.v1.RawEncryptRequest.initialization_vector]: crate::model::RawEncryptRequest::initialization_vector
    pub initialization_vector_crc32c: std::option::Option<wkt::Int64Value>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl RawEncryptRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::RawEncryptRequest::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }

    /// Sets the value of [plaintext][crate::model::RawEncryptRequest::plaintext].
    pub fn set_plaintext<T: std::convert::Into<::bytes::Bytes>>(mut self, v: T) -> Self {
        self.plaintext = v.into();
        self
    }

    /// Sets the value of [additional_authenticated_data][crate::model::RawEncryptRequest::additional_authenticated_data].
    pub fn set_additional_authenticated_data<T: std::convert::Into<::bytes::Bytes>>(
        mut self,
        v: T,
    ) -> Self {
        self.additional_authenticated_data = v.into();
        self
    }

    /// Sets the value of [plaintext_crc32c][crate::model::RawEncryptRequest::plaintext_crc32c].
    pub fn set_plaintext_crc32c<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Int64Value>,
    {
        self.plaintext_crc32c = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [plaintext_crc32c][crate::model::RawEncryptRequest::plaintext_crc32c].
    pub fn set_or_clear_plaintext_crc32c<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::Int64Value>,
    {
        self.plaintext_crc32c = v.map(|x| x.into());
        self
    }

    /// Sets the value of [additional_authenticated_data_crc32c][crate::model::RawEncryptRequest::additional_authenticated_data_crc32c].
    pub fn set_additional_authenticated_data_crc32c<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Int64Value>,
    {
        self.additional_authenticated_data_crc32c = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [additional_authenticated_data_crc32c][crate::model::RawEncryptRequest::additional_authenticated_data_crc32c].
    pub fn set_or_clear_additional_authenticated_data_crc32c<T>(
        mut self,
        v: std::option::Option<T>,
    ) -> Self
    where
        T: std::convert::Into<wkt::Int64Value>,
    {
        self.additional_authenticated_data_crc32c = v.map(|x| x.into());
        self
    }

    /// Sets the value of [initialization_vector][crate::model::RawEncryptRequest::initialization_vector].
    pub fn set_initialization_vector<T: std::convert::Into<::bytes::Bytes>>(
        mut self,
        v: T,
    ) -> Self {
        self.initialization_vector = v.into();
        self
    }

    /// Sets the value of [initialization_vector_crc32c][crate::model::RawEncryptRequest::initialization_vector_crc32c].
    pub fn set_initialization_vector_crc32c<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Int64Value>,
    {
        self.initialization_vector_crc32c = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [initialization_vector_crc32c][crate::model::RawEncryptRequest::initialization_vector_crc32c].
    pub fn set_or_clear_initialization_vector_crc32c<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::Int64Value>,
    {
        self.initialization_vector_crc32c = v.map(|x| x.into());
        self
    }
}

impl wkt::message::Message for RawEncryptRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.RawEncryptRequest"
    }
}

/// Request message for
/// [KeyManagementService.RawDecrypt][google.cloud.kms.v1.KeyManagementService.RawDecrypt].
///
/// [google.cloud.kms.v1.KeyManagementService.RawDecrypt]: crate::client::KeyManagementService::raw_decrypt
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct RawDecryptRequest {
    /// Required. The resource name of the
    /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for
    /// decryption.
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    pub name: std::string::String,

    /// Required. The encrypted data originally returned in
    /// [RawEncryptResponse.ciphertext][google.cloud.kms.v1.RawEncryptResponse.ciphertext].
    ///
    /// [google.cloud.kms.v1.RawEncryptResponse.ciphertext]: crate::model::RawEncryptResponse::ciphertext
    pub ciphertext: ::bytes::Bytes,

    /// Optional. Optional data that must match the data originally supplied in
    /// [RawEncryptRequest.additional_authenticated_data][google.cloud.kms.v1.RawEncryptRequest.additional_authenticated_data].
    ///
    /// [google.cloud.kms.v1.RawEncryptRequest.additional_authenticated_data]: crate::model::RawEncryptRequest::additional_authenticated_data
    pub additional_authenticated_data: ::bytes::Bytes,

    /// Required. The initialization vector (IV) used during encryption, which must
    /// match the data originally provided in
    /// [RawEncryptResponse.initialization_vector][google.cloud.kms.v1.RawEncryptResponse.initialization_vector].
    ///
    /// [google.cloud.kms.v1.RawEncryptResponse.initialization_vector]: crate::model::RawEncryptResponse::initialization_vector
    pub initialization_vector: ::bytes::Bytes,

    /// The length of the authentication tag that is appended to the end of
    /// the ciphertext. If unspecified (0), the default value for the key's
    /// algorithm will be used (for AES-GCM, the default value is 16).
    pub tag_length: i32,

    /// Optional. An optional CRC32C checksum of the
    /// [RawDecryptRequest.ciphertext][google.cloud.kms.v1.RawDecryptRequest.ciphertext].
    /// If specified,
    /// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
    /// verify the integrity of the received ciphertext using this checksum.
    /// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
    /// report an error if the checksum verification fails. If you receive a
    /// checksum error, your client should verify that CRC32C(ciphertext) is equal
    /// to ciphertext_crc32c, and if so, perform a limited number of retries. A
    /// persistent mismatch may indicate an issue in your computation of the CRC32C
    /// checksum. Note: This field is defined as int64 for reasons of compatibility
    /// across different languages. However, it is a non-negative integer, which
    /// will never exceed 2^32-1, and can be safely downconverted to uint32 in
    /// languages that support this type.
    ///
    /// [google.cloud.kms.v1.KeyManagementService]: crate::client::KeyManagementService
    /// [google.cloud.kms.v1.RawDecryptRequest.ciphertext]: crate::model::RawDecryptRequest::ciphertext
    pub ciphertext_crc32c: std::option::Option<wkt::Int64Value>,

    /// Optional. An optional CRC32C checksum of the
    /// [RawDecryptRequest.additional_authenticated_data][google.cloud.kms.v1.RawDecryptRequest.additional_authenticated_data].
    /// If specified,
    /// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
    /// verify the integrity of the received additional_authenticated_data using
    /// this checksum.
    /// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
    /// report an error if the checksum verification fails. If you receive a
    /// checksum error, your client should verify that
    /// CRC32C(additional_authenticated_data) is equal to
    /// additional_authenticated_data_crc32c, and if so, perform
    /// a limited number of retries. A persistent mismatch may indicate an issue in
    /// your computation of the CRC32C checksum.
    /// Note: This field is defined as int64 for reasons of compatibility across
    /// different languages. However, it is a non-negative integer, which will
    /// never exceed 2^32-1, and can be safely downconverted to uint32 in languages
    /// that support this type.
    ///
    /// [google.cloud.kms.v1.KeyManagementService]: crate::client::KeyManagementService
    /// [google.cloud.kms.v1.RawDecryptRequest.additional_authenticated_data]: crate::model::RawDecryptRequest::additional_authenticated_data
    pub additional_authenticated_data_crc32c: std::option::Option<wkt::Int64Value>,

    /// Optional. An optional CRC32C checksum of the
    /// [RawDecryptRequest.initialization_vector][google.cloud.kms.v1.RawDecryptRequest.initialization_vector].
    /// If specified,
    /// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
    /// verify the integrity of the received initialization_vector using this
    /// checksum. [KeyManagementService][google.cloud.kms.v1.KeyManagementService]
    /// will report an error if the checksum verification fails. If you receive a
    /// checksum error, your client should verify that
    /// CRC32C(initialization_vector) is equal to initialization_vector_crc32c, and
    /// if so, perform a limited number of retries. A persistent mismatch may
    /// indicate an issue in your computation of the CRC32C checksum.
    /// Note: This field is defined as int64 for reasons of compatibility across
    /// different languages. However, it is a non-negative integer, which will
    /// never exceed 2^32-1, and can be safely downconverted to uint32 in languages
    /// that support this type.
    ///
    /// [google.cloud.kms.v1.KeyManagementService]: crate::client::KeyManagementService
    /// [google.cloud.kms.v1.RawDecryptRequest.initialization_vector]: crate::model::RawDecryptRequest::initialization_vector
    pub initialization_vector_crc32c: std::option::Option<wkt::Int64Value>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl RawDecryptRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::RawDecryptRequest::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }

    /// Sets the value of [ciphertext][crate::model::RawDecryptRequest::ciphertext].
    pub fn set_ciphertext<T: std::convert::Into<::bytes::Bytes>>(mut self, v: T) -> Self {
        self.ciphertext = v.into();
        self
    }

    /// Sets the value of [additional_authenticated_data][crate::model::RawDecryptRequest::additional_authenticated_data].
    pub fn set_additional_authenticated_data<T: std::convert::Into<::bytes::Bytes>>(
        mut self,
        v: T,
    ) -> Self {
        self.additional_authenticated_data = v.into();
        self
    }

    /// Sets the value of [initialization_vector][crate::model::RawDecryptRequest::initialization_vector].
    pub fn set_initialization_vector<T: std::convert::Into<::bytes::Bytes>>(
        mut self,
        v: T,
    ) -> Self {
        self.initialization_vector = v.into();
        self
    }

    /// Sets the value of [tag_length][crate::model::RawDecryptRequest::tag_length].
    pub fn set_tag_length<T: std::convert::Into<i32>>(mut self, v: T) -> Self {
        self.tag_length = v.into();
        self
    }

    /// Sets the value of [ciphertext_crc32c][crate::model::RawDecryptRequest::ciphertext_crc32c].
    pub fn set_ciphertext_crc32c<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Int64Value>,
    {
        self.ciphertext_crc32c = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [ciphertext_crc32c][crate::model::RawDecryptRequest::ciphertext_crc32c].
    pub fn set_or_clear_ciphertext_crc32c<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::Int64Value>,
    {
        self.ciphertext_crc32c = v.map(|x| x.into());
        self
    }

    /// Sets the value of [additional_authenticated_data_crc32c][crate::model::RawDecryptRequest::additional_authenticated_data_crc32c].
    pub fn set_additional_authenticated_data_crc32c<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Int64Value>,
    {
        self.additional_authenticated_data_crc32c = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [additional_authenticated_data_crc32c][crate::model::RawDecryptRequest::additional_authenticated_data_crc32c].
    pub fn set_or_clear_additional_authenticated_data_crc32c<T>(
        mut self,
        v: std::option::Option<T>,
    ) -> Self
    where
        T: std::convert::Into<wkt::Int64Value>,
    {
        self.additional_authenticated_data_crc32c = v.map(|x| x.into());
        self
    }

    /// Sets the value of [initialization_vector_crc32c][crate::model::RawDecryptRequest::initialization_vector_crc32c].
    pub fn set_initialization_vector_crc32c<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Int64Value>,
    {
        self.initialization_vector_crc32c = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [initialization_vector_crc32c][crate::model::RawDecryptRequest::initialization_vector_crc32c].
    pub fn set_or_clear_initialization_vector_crc32c<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::Int64Value>,
    {
        self.initialization_vector_crc32c = v.map(|x| x.into());
        self
    }
}

impl wkt::message::Message for RawDecryptRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.RawDecryptRequest"
    }
}

/// Request message for
/// [KeyManagementService.AsymmetricSign][google.cloud.kms.v1.KeyManagementService.AsymmetricSign].
///
/// [google.cloud.kms.v1.KeyManagementService.AsymmetricSign]: crate::client::KeyManagementService::asymmetric_sign
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct AsymmetricSignRequest {
    /// Required. The resource name of the
    /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for
    /// signing.
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    pub name: std::string::String,

    /// Optional. The digest of the data to sign. The digest must be produced with
    /// the same digest algorithm as specified by the key version's
    /// [algorithm][google.cloud.kms.v1.CryptoKeyVersion.algorithm].
    ///
    /// This field may not be supplied if
    /// [AsymmetricSignRequest.data][google.cloud.kms.v1.AsymmetricSignRequest.data]
    /// is supplied.
    ///
    /// [google.cloud.kms.v1.AsymmetricSignRequest.data]: crate::model::AsymmetricSignRequest::data
    /// [google.cloud.kms.v1.CryptoKeyVersion.algorithm]: crate::model::CryptoKeyVersion::algorithm
    pub digest: std::option::Option<crate::model::Digest>,

    /// Optional. An optional CRC32C checksum of the
    /// [AsymmetricSignRequest.digest][google.cloud.kms.v1.AsymmetricSignRequest.digest].
    /// If specified,
    /// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
    /// verify the integrity of the received
    /// [AsymmetricSignRequest.digest][google.cloud.kms.v1.AsymmetricSignRequest.digest]
    /// using this checksum.
    /// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
    /// report an error if the checksum verification fails. If you receive a
    /// checksum error, your client should verify that
    /// CRC32C([AsymmetricSignRequest.digest][google.cloud.kms.v1.AsymmetricSignRequest.digest])
    /// is equal to
    /// [AsymmetricSignRequest.digest_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c],
    /// and if so, perform a limited number of retries. A persistent mismatch may
    /// indicate an issue in your computation of the CRC32C checksum. Note: This
    /// field is defined as int64 for reasons of compatibility across different
    /// languages. However, it is a non-negative integer, which will never exceed
    /// 2^32-1, and can be safely downconverted to uint32 in languages that support
    /// this type.
    ///
    /// [google.cloud.kms.v1.AsymmetricSignRequest.digest]: crate::model::AsymmetricSignRequest::digest
    /// [google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c]: crate::model::AsymmetricSignRequest::digest_crc32c
    /// [google.cloud.kms.v1.KeyManagementService]: crate::client::KeyManagementService
    pub digest_crc32c: std::option::Option<wkt::Int64Value>,

    /// Optional. The data to sign.
    /// It can't be supplied if
    /// [AsymmetricSignRequest.digest][google.cloud.kms.v1.AsymmetricSignRequest.digest]
    /// is supplied.
    ///
    /// [google.cloud.kms.v1.AsymmetricSignRequest.digest]: crate::model::AsymmetricSignRequest::digest
    pub data: ::bytes::Bytes,

    /// Optional. An optional CRC32C checksum of the
    /// [AsymmetricSignRequest.data][google.cloud.kms.v1.AsymmetricSignRequest.data].
    /// If specified,
    /// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
    /// verify the integrity of the received
    /// [AsymmetricSignRequest.data][google.cloud.kms.v1.AsymmetricSignRequest.data]
    /// using this checksum.
    /// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
    /// report an error if the checksum verification fails. If you receive a
    /// checksum error, your client should verify that
    /// CRC32C([AsymmetricSignRequest.data][google.cloud.kms.v1.AsymmetricSignRequest.data])
    /// is equal to
    /// [AsymmetricSignRequest.data_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.data_crc32c],
    /// and if so, perform a limited number of retries. A persistent mismatch may
    /// indicate an issue in your computation of the CRC32C checksum. Note: This
    /// field is defined as int64 for reasons of compatibility across different
    /// languages. However, it is a non-negative integer, which will never exceed
    /// 2^32-1, and can be safely downconverted to uint32 in languages that support
    /// this type.
    ///
    /// [google.cloud.kms.v1.AsymmetricSignRequest.data]: crate::model::AsymmetricSignRequest::data
    /// [google.cloud.kms.v1.AsymmetricSignRequest.data_crc32c]: crate::model::AsymmetricSignRequest::data_crc32c
    /// [google.cloud.kms.v1.KeyManagementService]: crate::client::KeyManagementService
    pub data_crc32c: std::option::Option<wkt::Int64Value>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl AsymmetricSignRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::AsymmetricSignRequest::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }

    /// Sets the value of [digest][crate::model::AsymmetricSignRequest::digest].
    pub fn set_digest<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::Digest>,
    {
        self.digest = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [digest][crate::model::AsymmetricSignRequest::digest].
    pub fn set_or_clear_digest<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::Digest>,
    {
        self.digest = v.map(|x| x.into());
        self
    }

    /// Sets the value of [digest_crc32c][crate::model::AsymmetricSignRequest::digest_crc32c].
    pub fn set_digest_crc32c<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Int64Value>,
    {
        self.digest_crc32c = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [digest_crc32c][crate::model::AsymmetricSignRequest::digest_crc32c].
    pub fn set_or_clear_digest_crc32c<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::Int64Value>,
    {
        self.digest_crc32c = v.map(|x| x.into());
        self
    }

    /// Sets the value of [data][crate::model::AsymmetricSignRequest::data].
    pub fn set_data<T: std::convert::Into<::bytes::Bytes>>(mut self, v: T) -> Self {
        self.data = v.into();
        self
    }

    /// Sets the value of [data_crc32c][crate::model::AsymmetricSignRequest::data_crc32c].
    pub fn set_data_crc32c<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Int64Value>,
    {
        self.data_crc32c = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [data_crc32c][crate::model::AsymmetricSignRequest::data_crc32c].
    pub fn set_or_clear_data_crc32c<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::Int64Value>,
    {
        self.data_crc32c = v.map(|x| x.into());
        self
    }
}

impl wkt::message::Message for AsymmetricSignRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.AsymmetricSignRequest"
    }
}

/// Request message for
/// [KeyManagementService.AsymmetricDecrypt][google.cloud.kms.v1.KeyManagementService.AsymmetricDecrypt].
///
/// [google.cloud.kms.v1.KeyManagementService.AsymmetricDecrypt]: crate::client::KeyManagementService::asymmetric_decrypt
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct AsymmetricDecryptRequest {
    /// Required. The resource name of the
    /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for
    /// decryption.
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    pub name: std::string::String,

    /// Required. The data encrypted with the named
    /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s public key using
    /// OAEP.
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    pub ciphertext: ::bytes::Bytes,

    /// Optional. An optional CRC32C checksum of the
    /// [AsymmetricDecryptRequest.ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext].
    /// If specified,
    /// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
    /// verify the integrity of the received
    /// [AsymmetricDecryptRequest.ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext]
    /// using this checksum.
    /// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
    /// report an error if the checksum verification fails. If you receive a
    /// checksum error, your client should verify that
    /// CRC32C([AsymmetricDecryptRequest.ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext])
    /// is equal to
    /// [AsymmetricDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c],
    /// and if so, perform a limited number of retries. A persistent mismatch may
    /// indicate an issue in your computation of the CRC32C checksum. Note: This
    /// field is defined as int64 for reasons of compatibility across different
    /// languages. However, it is a non-negative integer, which will never exceed
    /// 2^32-1, and can be safely downconverted to uint32 in languages that support
    /// this type.
    ///
    /// [google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext]: crate::model::AsymmetricDecryptRequest::ciphertext
    /// [google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c]: crate::model::AsymmetricDecryptRequest::ciphertext_crc32c
    /// [google.cloud.kms.v1.KeyManagementService]: crate::client::KeyManagementService
    pub ciphertext_crc32c: std::option::Option<wkt::Int64Value>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl AsymmetricDecryptRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::AsymmetricDecryptRequest::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }

    /// Sets the value of [ciphertext][crate::model::AsymmetricDecryptRequest::ciphertext].
    pub fn set_ciphertext<T: std::convert::Into<::bytes::Bytes>>(mut self, v: T) -> Self {
        self.ciphertext = v.into();
        self
    }

    /// Sets the value of [ciphertext_crc32c][crate::model::AsymmetricDecryptRequest::ciphertext_crc32c].
    pub fn set_ciphertext_crc32c<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Int64Value>,
    {
        self.ciphertext_crc32c = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [ciphertext_crc32c][crate::model::AsymmetricDecryptRequest::ciphertext_crc32c].
    pub fn set_or_clear_ciphertext_crc32c<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::Int64Value>,
    {
        self.ciphertext_crc32c = v.map(|x| x.into());
        self
    }
}

impl wkt::message::Message for AsymmetricDecryptRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.AsymmetricDecryptRequest"
    }
}

/// Request message for
/// [KeyManagementService.MacSign][google.cloud.kms.v1.KeyManagementService.MacSign].
///
/// [google.cloud.kms.v1.KeyManagementService.MacSign]: crate::client::KeyManagementService::mac_sign
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct MacSignRequest {
    /// Required. The resource name of the
    /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for
    /// signing.
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    pub name: std::string::String,

    /// Required. The data to sign. The MAC tag is computed over this data field
    /// based on the specific algorithm.
    pub data: ::bytes::Bytes,

    /// Optional. An optional CRC32C checksum of the
    /// [MacSignRequest.data][google.cloud.kms.v1.MacSignRequest.data]. If
    /// specified, [KeyManagementService][google.cloud.kms.v1.KeyManagementService]
    /// will verify the integrity of the received
    /// [MacSignRequest.data][google.cloud.kms.v1.MacSignRequest.data] using this
    /// checksum. [KeyManagementService][google.cloud.kms.v1.KeyManagementService]
    /// will report an error if the checksum verification fails. If you receive a
    /// checksum error, your client should verify that
    /// CRC32C([MacSignRequest.data][google.cloud.kms.v1.MacSignRequest.data]) is
    /// equal to
    /// [MacSignRequest.data_crc32c][google.cloud.kms.v1.MacSignRequest.data_crc32c],
    /// and if so, perform a limited number of retries. A persistent mismatch may
    /// indicate an issue in your computation of the CRC32C checksum. Note: This
    /// field is defined as int64 for reasons of compatibility across different
    /// languages. However, it is a non-negative integer, which will never exceed
    /// 2^32-1, and can be safely downconverted to uint32 in languages that support
    /// this type.
    ///
    /// [google.cloud.kms.v1.KeyManagementService]: crate::client::KeyManagementService
    /// [google.cloud.kms.v1.MacSignRequest.data]: crate::model::MacSignRequest::data
    /// [google.cloud.kms.v1.MacSignRequest.data_crc32c]: crate::model::MacSignRequest::data_crc32c
    pub data_crc32c: std::option::Option<wkt::Int64Value>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl MacSignRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::MacSignRequest::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }

    /// Sets the value of [data][crate::model::MacSignRequest::data].
    pub fn set_data<T: std::convert::Into<::bytes::Bytes>>(mut self, v: T) -> Self {
        self.data = v.into();
        self
    }

    /// Sets the value of [data_crc32c][crate::model::MacSignRequest::data_crc32c].
    pub fn set_data_crc32c<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Int64Value>,
    {
        self.data_crc32c = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [data_crc32c][crate::model::MacSignRequest::data_crc32c].
    pub fn set_or_clear_data_crc32c<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::Int64Value>,
    {
        self.data_crc32c = v.map(|x| x.into());
        self
    }
}

impl wkt::message::Message for MacSignRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.MacSignRequest"
    }
}

/// Request message for
/// [KeyManagementService.MacVerify][google.cloud.kms.v1.KeyManagementService.MacVerify].
///
/// [google.cloud.kms.v1.KeyManagementService.MacVerify]: crate::client::KeyManagementService::mac_verify
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct MacVerifyRequest {
    /// Required. The resource name of the
    /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for
    /// verification.
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    pub name: std::string::String,

    /// Required. The data used previously as a
    /// [MacSignRequest.data][google.cloud.kms.v1.MacSignRequest.data] to generate
    /// the MAC tag.
    ///
    /// [google.cloud.kms.v1.MacSignRequest.data]: crate::model::MacSignRequest::data
    pub data: ::bytes::Bytes,

    /// Optional. An optional CRC32C checksum of the
    /// [MacVerifyRequest.data][google.cloud.kms.v1.MacVerifyRequest.data]. If
    /// specified, [KeyManagementService][google.cloud.kms.v1.KeyManagementService]
    /// will verify the integrity of the received
    /// [MacVerifyRequest.data][google.cloud.kms.v1.MacVerifyRequest.data] using
    /// this checksum.
    /// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
    /// report an error if the checksum verification fails. If you receive a
    /// checksum error, your client should verify that
    /// CRC32C([MacVerifyRequest.data][google.cloud.kms.v1.MacVerifyRequest.data])
    /// is equal to
    /// [MacVerifyRequest.data_crc32c][google.cloud.kms.v1.MacVerifyRequest.data_crc32c],
    /// and if so, perform a limited number of retries. A persistent mismatch may
    /// indicate an issue in your computation of the CRC32C checksum. Note: This
    /// field is defined as int64 for reasons of compatibility across different
    /// languages. However, it is a non-negative integer, which will never exceed
    /// 2^32-1, and can be safely downconverted to uint32 in languages that support
    /// this type.
    ///
    /// [google.cloud.kms.v1.KeyManagementService]: crate::client::KeyManagementService
    /// [google.cloud.kms.v1.MacVerifyRequest.data]: crate::model::MacVerifyRequest::data
    /// [google.cloud.kms.v1.MacVerifyRequest.data_crc32c]: crate::model::MacVerifyRequest::data_crc32c
    pub data_crc32c: std::option::Option<wkt::Int64Value>,

    /// Required. The signature to verify.
    pub mac: ::bytes::Bytes,

    /// Optional. An optional CRC32C checksum of the
    /// [MacVerifyRequest.mac][google.cloud.kms.v1.MacVerifyRequest.mac]. If
    /// specified, [KeyManagementService][google.cloud.kms.v1.KeyManagementService]
    /// will verify the integrity of the received
    /// [MacVerifyRequest.mac][google.cloud.kms.v1.MacVerifyRequest.mac] using this
    /// checksum. [KeyManagementService][google.cloud.kms.v1.KeyManagementService]
    /// will report an error if the checksum verification fails. If you receive a
    /// checksum error, your client should verify that
    /// CRC32C([MacVerifyRequest.mac][google.cloud.kms.v1.MacVerifyRequest.mac]) is
    /// equal to
    /// [MacVerifyRequest.mac_crc32c][google.cloud.kms.v1.MacVerifyRequest.mac_crc32c],
    /// and if so, perform a limited number of retries. A persistent mismatch may
    /// indicate an issue in your computation of the CRC32C checksum. Note: This
    /// field is defined as int64 for reasons of compatibility across different
    /// languages. However, it is a non-negative integer, which will never exceed
    /// 2^32-1, and can be safely downconverted to uint32 in languages that support
    /// this type.
    ///
    /// [google.cloud.kms.v1.KeyManagementService]: crate::client::KeyManagementService
    /// [google.cloud.kms.v1.MacVerifyRequest.mac]: crate::model::MacVerifyRequest::mac
    /// [google.cloud.kms.v1.MacVerifyRequest.mac_crc32c]: crate::model::MacVerifyRequest::mac_crc32c
    pub mac_crc32c: std::option::Option<wkt::Int64Value>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl MacVerifyRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::MacVerifyRequest::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }

    /// Sets the value of [data][crate::model::MacVerifyRequest::data].
    pub fn set_data<T: std::convert::Into<::bytes::Bytes>>(mut self, v: T) -> Self {
        self.data = v.into();
        self
    }

    /// Sets the value of [data_crc32c][crate::model::MacVerifyRequest::data_crc32c].
    pub fn set_data_crc32c<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Int64Value>,
    {
        self.data_crc32c = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [data_crc32c][crate::model::MacVerifyRequest::data_crc32c].
    pub fn set_or_clear_data_crc32c<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::Int64Value>,
    {
        self.data_crc32c = v.map(|x| x.into());
        self
    }

    /// Sets the value of [mac][crate::model::MacVerifyRequest::mac].
    pub fn set_mac<T: std::convert::Into<::bytes::Bytes>>(mut self, v: T) -> Self {
        self.mac = v.into();
        self
    }

    /// Sets the value of [mac_crc32c][crate::model::MacVerifyRequest::mac_crc32c].
    pub fn set_mac_crc32c<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Int64Value>,
    {
        self.mac_crc32c = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [mac_crc32c][crate::model::MacVerifyRequest::mac_crc32c].
    pub fn set_or_clear_mac_crc32c<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::Int64Value>,
    {
        self.mac_crc32c = v.map(|x| x.into());
        self
    }
}

impl wkt::message::Message for MacVerifyRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.MacVerifyRequest"
    }
}

/// Request message for
/// [KeyManagementService.Decapsulate][google.cloud.kms.v1.KeyManagementService.Decapsulate].
///
/// [google.cloud.kms.v1.KeyManagementService.Decapsulate]: crate::client::KeyManagementService::decapsulate
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct DecapsulateRequest {
    /// Required. The resource name of the
    /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for
    /// decapsulation.
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    pub name: std::string::String,

    /// Required. The ciphertext produced from encapsulation with the
    /// named [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] public
    /// key(s).
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    pub ciphertext: ::bytes::Bytes,

    /// Optional. A CRC32C checksum of the
    /// [DecapsulateRequest.ciphertext][google.cloud.kms.v1.DecapsulateRequest.ciphertext].
    /// If specified,
    /// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
    /// verify the integrity of the received
    /// [DecapsulateRequest.ciphertext][google.cloud.kms.v1.DecapsulateRequest.ciphertext]
    /// using this checksum.
    /// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
    /// report an error if the checksum verification fails. If you receive a
    /// checksum error, your client should verify that
    /// CRC32C([DecapsulateRequest.ciphertext][google.cloud.kms.v1.DecapsulateRequest.ciphertext])
    /// is equal to
    /// [DecapsulateRequest.ciphertext_crc32c][google.cloud.kms.v1.DecapsulateRequest.ciphertext_crc32c],
    /// and if so, perform a limited number of retries. A persistent mismatch may
    /// indicate an issue in your computation of the CRC32C checksum. Note: This
    /// field is defined as int64 for reasons of compatibility across different
    /// languages. However, it is a non-negative integer, which will never exceed
    /// 2^32-1, and can be safely downconverted to uint32 in languages that support
    /// this type.
    ///
    /// [google.cloud.kms.v1.DecapsulateRequest.ciphertext]: crate::model::DecapsulateRequest::ciphertext
    /// [google.cloud.kms.v1.DecapsulateRequest.ciphertext_crc32c]: crate::model::DecapsulateRequest::ciphertext_crc32c
    /// [google.cloud.kms.v1.KeyManagementService]: crate::client::KeyManagementService
    pub ciphertext_crc32c: std::option::Option<wkt::Int64Value>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl DecapsulateRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::DecapsulateRequest::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }

    /// Sets the value of [ciphertext][crate::model::DecapsulateRequest::ciphertext].
    pub fn set_ciphertext<T: std::convert::Into<::bytes::Bytes>>(mut self, v: T) -> Self {
        self.ciphertext = v.into();
        self
    }

    /// Sets the value of [ciphertext_crc32c][crate::model::DecapsulateRequest::ciphertext_crc32c].
    pub fn set_ciphertext_crc32c<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Int64Value>,
    {
        self.ciphertext_crc32c = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [ciphertext_crc32c][crate::model::DecapsulateRequest::ciphertext_crc32c].
    pub fn set_or_clear_ciphertext_crc32c<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::Int64Value>,
    {
        self.ciphertext_crc32c = v.map(|x| x.into());
        self
    }
}

impl wkt::message::Message for DecapsulateRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.DecapsulateRequest"
    }
}

/// Request message for
/// [KeyManagementService.GenerateRandomBytes][google.cloud.kms.v1.KeyManagementService.GenerateRandomBytes].
///
/// [google.cloud.kms.v1.KeyManagementService.GenerateRandomBytes]: crate::client::KeyManagementService::generate_random_bytes
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct GenerateRandomBytesRequest {
    /// The project-specific location in which to generate random bytes.
    /// For example, "projects/my-project/locations/us-central1".
    pub location: std::string::String,

    /// The length in bytes of the amount of randomness to retrieve.  Minimum 8
    /// bytes, maximum 1024 bytes.
    pub length_bytes: i32,

    /// The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] to use when
    /// generating the random data. Currently, only
    /// [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] protection level is
    /// supported.
    ///
    /// [google.cloud.kms.v1.ProtectionLevel]: crate::model::ProtectionLevel
    /// [google.cloud.kms.v1.ProtectionLevel.HSM]: crate::model::ProtectionLevel::Hsm
    pub protection_level: crate::model::ProtectionLevel,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl GenerateRandomBytesRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [location][crate::model::GenerateRandomBytesRequest::location].
    pub fn set_location<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.location = v.into();
        self
    }

    /// Sets the value of [length_bytes][crate::model::GenerateRandomBytesRequest::length_bytes].
    pub fn set_length_bytes<T: std::convert::Into<i32>>(mut self, v: T) -> Self {
        self.length_bytes = v.into();
        self
    }

    /// Sets the value of [protection_level][crate::model::GenerateRandomBytesRequest::protection_level].
    pub fn set_protection_level<T: std::convert::Into<crate::model::ProtectionLevel>>(
        mut self,
        v: T,
    ) -> Self {
        self.protection_level = v.into();
        self
    }
}

impl wkt::message::Message for GenerateRandomBytesRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.GenerateRandomBytesRequest"
    }
}

/// Response message for
/// [KeyManagementService.Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].
///
/// [google.cloud.kms.v1.KeyManagementService.Encrypt]: crate::client::KeyManagementService::encrypt
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct EncryptResponse {
    /// The resource name of the
    /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used in
    /// encryption. Check this field to verify that the intended resource was used
    /// for encryption.
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    pub name: std::string::String,

    /// The encrypted data.
    pub ciphertext: ::bytes::Bytes,

    /// Integrity verification field. A CRC32C checksum of the returned
    /// [EncryptResponse.ciphertext][google.cloud.kms.v1.EncryptResponse.ciphertext].
    /// An integrity check of
    /// [EncryptResponse.ciphertext][google.cloud.kms.v1.EncryptResponse.ciphertext]
    /// can be performed by computing the CRC32C checksum of
    /// [EncryptResponse.ciphertext][google.cloud.kms.v1.EncryptResponse.ciphertext]
    /// and comparing your results to this field. Discard the response in case of
    /// non-matching checksum values, and perform a limited number of retries. A
    /// persistent mismatch may indicate an issue in your computation of the CRC32C
    /// checksum. Note: This field is defined as int64 for reasons of compatibility
    /// across different languages. However, it is a non-negative integer, which
    /// will never exceed 2^32-1, and can be safely downconverted to uint32 in
    /// languages that support this type.
    ///
    /// [google.cloud.kms.v1.EncryptResponse.ciphertext]: crate::model::EncryptResponse::ciphertext
    pub ciphertext_crc32c: std::option::Option<wkt::Int64Value>,

    /// Integrity verification field. A flag indicating whether
    /// [EncryptRequest.plaintext_crc32c][google.cloud.kms.v1.EncryptRequest.plaintext_crc32c]
    /// was received by
    /// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used
    /// for the integrity verification of the
    /// [plaintext][google.cloud.kms.v1.EncryptRequest.plaintext]. A false value of
    /// this field indicates either that
    /// [EncryptRequest.plaintext_crc32c][google.cloud.kms.v1.EncryptRequest.plaintext_crc32c]
    /// was left unset or that it was not delivered to
    /// [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've
    /// set
    /// [EncryptRequest.plaintext_crc32c][google.cloud.kms.v1.EncryptRequest.plaintext_crc32c]
    /// but this field is still false, discard the response and perform a limited
    /// number of retries.
    ///
    /// [google.cloud.kms.v1.EncryptRequest.plaintext]: crate::model::EncryptRequest::plaintext
    /// [google.cloud.kms.v1.EncryptRequest.plaintext_crc32c]: crate::model::EncryptRequest::plaintext_crc32c
    /// [google.cloud.kms.v1.KeyManagementService]: crate::client::KeyManagementService
    pub verified_plaintext_crc32c: bool,

    /// Integrity verification field. A flag indicating whether
    /// [EncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c]
    /// was received by
    /// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used
    /// for the integrity verification of the
    /// [AAD][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data]. A
    /// false value of this field indicates either that
    /// [EncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c]
    /// was left unset or that it was not delivered to
    /// [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've
    /// set
    /// [EncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c]
    /// but this field is still false, discard the response and perform a limited
    /// number of retries.
    ///
    /// [google.cloud.kms.v1.EncryptRequest.additional_authenticated_data]: crate::model::EncryptRequest::additional_authenticated_data
    /// [google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c]: crate::model::EncryptRequest::additional_authenticated_data_crc32c
    /// [google.cloud.kms.v1.KeyManagementService]: crate::client::KeyManagementService
    pub verified_additional_authenticated_data_crc32c: bool,

    /// The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of the
    /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used in
    /// encryption.
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    /// [google.cloud.kms.v1.ProtectionLevel]: crate::model::ProtectionLevel
    pub protection_level: crate::model::ProtectionLevel,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl EncryptResponse {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::EncryptResponse::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }

    /// Sets the value of [ciphertext][crate::model::EncryptResponse::ciphertext].
    pub fn set_ciphertext<T: std::convert::Into<::bytes::Bytes>>(mut self, v: T) -> Self {
        self.ciphertext = v.into();
        self
    }

    /// Sets the value of [ciphertext_crc32c][crate::model::EncryptResponse::ciphertext_crc32c].
    pub fn set_ciphertext_crc32c<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Int64Value>,
    {
        self.ciphertext_crc32c = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [ciphertext_crc32c][crate::model::EncryptResponse::ciphertext_crc32c].
    pub fn set_or_clear_ciphertext_crc32c<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::Int64Value>,
    {
        self.ciphertext_crc32c = v.map(|x| x.into());
        self
    }

    /// Sets the value of [verified_plaintext_crc32c][crate::model::EncryptResponse::verified_plaintext_crc32c].
    pub fn set_verified_plaintext_crc32c<T: std::convert::Into<bool>>(mut self, v: T) -> Self {
        self.verified_plaintext_crc32c = v.into();
        self
    }

    /// Sets the value of [verified_additional_authenticated_data_crc32c][crate::model::EncryptResponse::verified_additional_authenticated_data_crc32c].
    pub fn set_verified_additional_authenticated_data_crc32c<T: std::convert::Into<bool>>(
        mut self,
        v: T,
    ) -> Self {
        self.verified_additional_authenticated_data_crc32c = v.into();
        self
    }

    /// Sets the value of [protection_level][crate::model::EncryptResponse::protection_level].
    pub fn set_protection_level<T: std::convert::Into<crate::model::ProtectionLevel>>(
        mut self,
        v: T,
    ) -> Self {
        self.protection_level = v.into();
        self
    }
}

impl wkt::message::Message for EncryptResponse {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.EncryptResponse"
    }
}

/// Response message for
/// [KeyManagementService.Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt].
///
/// [google.cloud.kms.v1.KeyManagementService.Decrypt]: crate::client::KeyManagementService::decrypt
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct DecryptResponse {
    /// The decrypted data originally supplied in
    /// [EncryptRequest.plaintext][google.cloud.kms.v1.EncryptRequest.plaintext].
    ///
    /// [google.cloud.kms.v1.EncryptRequest.plaintext]: crate::model::EncryptRequest::plaintext
    pub plaintext: ::bytes::Bytes,

    /// Integrity verification field. A CRC32C checksum of the returned
    /// [DecryptResponse.plaintext][google.cloud.kms.v1.DecryptResponse.plaintext].
    /// An integrity check of
    /// [DecryptResponse.plaintext][google.cloud.kms.v1.DecryptResponse.plaintext]
    /// can be performed by computing the CRC32C checksum of
    /// [DecryptResponse.plaintext][google.cloud.kms.v1.DecryptResponse.plaintext]
    /// and comparing your results to this field. Discard the response in case of
    /// non-matching checksum values, and perform a limited number of retries. A
    /// persistent mismatch may indicate an issue in your computation of the CRC32C
    /// checksum. Note: receiving this response message indicates that
    /// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] is able to
    /// successfully decrypt the
    /// [ciphertext][google.cloud.kms.v1.DecryptRequest.ciphertext]. Note: This
    /// field is defined as int64 for reasons of compatibility across different
    /// languages. However, it is a non-negative integer, which will never exceed
    /// 2^32-1, and can be safely downconverted to uint32 in languages that support
    /// this type.
    ///
    /// [google.cloud.kms.v1.DecryptRequest.ciphertext]: crate::model::DecryptRequest::ciphertext
    /// [google.cloud.kms.v1.DecryptResponse.plaintext]: crate::model::DecryptResponse::plaintext
    /// [google.cloud.kms.v1.KeyManagementService]: crate::client::KeyManagementService
    pub plaintext_crc32c: std::option::Option<wkt::Int64Value>,

    /// Whether the Decryption was performed using the primary key version.
    pub used_primary: bool,

    /// The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of the
    /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used in
    /// decryption.
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    /// [google.cloud.kms.v1.ProtectionLevel]: crate::model::ProtectionLevel
    pub protection_level: crate::model::ProtectionLevel,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl DecryptResponse {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [plaintext][crate::model::DecryptResponse::plaintext].
    pub fn set_plaintext<T: std::convert::Into<::bytes::Bytes>>(mut self, v: T) -> Self {
        self.plaintext = v.into();
        self
    }

    /// Sets the value of [plaintext_crc32c][crate::model::DecryptResponse::plaintext_crc32c].
    pub fn set_plaintext_crc32c<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Int64Value>,
    {
        self.plaintext_crc32c = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [plaintext_crc32c][crate::model::DecryptResponse::plaintext_crc32c].
    pub fn set_or_clear_plaintext_crc32c<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::Int64Value>,
    {
        self.plaintext_crc32c = v.map(|x| x.into());
        self
    }

    /// Sets the value of [used_primary][crate::model::DecryptResponse::used_primary].
    pub fn set_used_primary<T: std::convert::Into<bool>>(mut self, v: T) -> Self {
        self.used_primary = v.into();
        self
    }

    /// Sets the value of [protection_level][crate::model::DecryptResponse::protection_level].
    pub fn set_protection_level<T: std::convert::Into<crate::model::ProtectionLevel>>(
        mut self,
        v: T,
    ) -> Self {
        self.protection_level = v.into();
        self
    }
}

impl wkt::message::Message for DecryptResponse {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.DecryptResponse"
    }
}

/// Response message for
/// [KeyManagementService.RawEncrypt][google.cloud.kms.v1.KeyManagementService.RawEncrypt].
///
/// [google.cloud.kms.v1.KeyManagementService.RawEncrypt]: crate::client::KeyManagementService::raw_encrypt
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct RawEncryptResponse {
    /// The encrypted data. In the case of AES-GCM, the authentication tag
    /// is the [tag_length][google.cloud.kms.v1.RawEncryptResponse.tag_length]
    /// bytes at the end of this field.
    ///
    /// [google.cloud.kms.v1.RawEncryptResponse.tag_length]: crate::model::RawEncryptResponse::tag_length
    pub ciphertext: ::bytes::Bytes,

    /// The initialization vector (IV) generated by the service during
    /// encryption. This value must be stored and provided in
    /// [RawDecryptRequest.initialization_vector][google.cloud.kms.v1.RawDecryptRequest.initialization_vector]
    /// at decryption time.
    ///
    /// [google.cloud.kms.v1.RawDecryptRequest.initialization_vector]: crate::model::RawDecryptRequest::initialization_vector
    pub initialization_vector: ::bytes::Bytes,

    /// The length of the authentication tag that is appended to
    /// the end of the ciphertext.
    pub tag_length: i32,

    /// Integrity verification field. A CRC32C checksum of the returned
    /// [RawEncryptResponse.ciphertext][google.cloud.kms.v1.RawEncryptResponse.ciphertext].
    /// An integrity check of ciphertext can be performed by computing the CRC32C
    /// checksum of ciphertext and comparing your results to this field. Discard
    /// the response in case of non-matching checksum values, and perform a limited
    /// number of retries. A persistent mismatch may indicate an issue in your
    /// computation of the CRC32C checksum. Note: This field is defined as int64
    /// for reasons of compatibility across different languages. However, it is a
    /// non-negative integer, which will never exceed 2^32-1, and can be safely
    /// downconverted to uint32 in languages that support this type.
    ///
    /// [google.cloud.kms.v1.RawEncryptResponse.ciphertext]: crate::model::RawEncryptResponse::ciphertext
    pub ciphertext_crc32c: std::option::Option<wkt::Int64Value>,

    /// Integrity verification field. A CRC32C checksum of the returned
    /// [RawEncryptResponse.initialization_vector][google.cloud.kms.v1.RawEncryptResponse.initialization_vector].
    /// An integrity check of initialization_vector can be performed by computing
    /// the CRC32C checksum of initialization_vector and comparing your results to
    /// this field. Discard the response in case of non-matching checksum values,
    /// and perform a limited number of retries. A persistent mismatch may indicate
    /// an issue in your computation of the CRC32C checksum. Note: This field is
    /// defined as int64 for reasons of compatibility across different languages.
    /// However, it is a non-negative integer, which will never exceed 2^32-1, and
    /// can be safely downconverted to uint32 in languages that support this type.
    ///
    /// [google.cloud.kms.v1.RawEncryptResponse.initialization_vector]: crate::model::RawEncryptResponse::initialization_vector
    pub initialization_vector_crc32c: std::option::Option<wkt::Int64Value>,

    /// Integrity verification field. A flag indicating whether
    /// [RawEncryptRequest.plaintext_crc32c][google.cloud.kms.v1.RawEncryptRequest.plaintext_crc32c]
    /// was received by
    /// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used
    /// for the integrity verification of the plaintext. A false value of this
    /// field indicates either that
    /// [RawEncryptRequest.plaintext_crc32c][google.cloud.kms.v1.RawEncryptRequest.plaintext_crc32c]
    /// was left unset or that it was not delivered to
    /// [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've
    /// set
    /// [RawEncryptRequest.plaintext_crc32c][google.cloud.kms.v1.RawEncryptRequest.plaintext_crc32c]
    /// but this field is still false, discard the response and perform a limited
    /// number of retries.
    ///
    /// [google.cloud.kms.v1.KeyManagementService]: crate::client::KeyManagementService
    /// [google.cloud.kms.v1.RawEncryptRequest.plaintext_crc32c]: crate::model::RawEncryptRequest::plaintext_crc32c
    pub verified_plaintext_crc32c: bool,

    /// Integrity verification field. A flag indicating whether
    /// [RawEncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.RawEncryptRequest.additional_authenticated_data_crc32c]
    /// was received by
    /// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used
    /// for the integrity verification of additional_authenticated_data. A false
    /// value of this field indicates either that //
    /// [RawEncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.RawEncryptRequest.additional_authenticated_data_crc32c]
    /// was left unset or that it was not delivered to
    /// [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've
    /// set
    /// [RawEncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.RawEncryptRequest.additional_authenticated_data_crc32c]
    /// but this field is still false, discard the response and perform a limited
    /// number of retries.
    ///
    /// [google.cloud.kms.v1.KeyManagementService]: crate::client::KeyManagementService
    /// [google.cloud.kms.v1.RawEncryptRequest.additional_authenticated_data_crc32c]: crate::model::RawEncryptRequest::additional_authenticated_data_crc32c
    pub verified_additional_authenticated_data_crc32c: bool,

    /// Integrity verification field. A flag indicating whether
    /// [RawEncryptRequest.initialization_vector_crc32c][google.cloud.kms.v1.RawEncryptRequest.initialization_vector_crc32c]
    /// was received by
    /// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used
    /// for the integrity verification of initialization_vector. A false value of
    /// this field indicates either that
    /// [RawEncryptRequest.initialization_vector_crc32c][google.cloud.kms.v1.RawEncryptRequest.initialization_vector_crc32c]
    /// was left unset or that it was not delivered to
    /// [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've
    /// set
    /// [RawEncryptRequest.initialization_vector_crc32c][google.cloud.kms.v1.RawEncryptRequest.initialization_vector_crc32c]
    /// but this field is still false, discard the response and perform a limited
    /// number of retries.
    ///
    /// [google.cloud.kms.v1.KeyManagementService]: crate::client::KeyManagementService
    /// [google.cloud.kms.v1.RawEncryptRequest.initialization_vector_crc32c]: crate::model::RawEncryptRequest::initialization_vector_crc32c
    pub verified_initialization_vector_crc32c: bool,

    /// The resource name of the
    /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used in
    /// encryption. Check this field to verify that the intended resource was used
    /// for encryption.
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    pub name: std::string::String,

    /// The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of the
    /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used in
    /// encryption.
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    /// [google.cloud.kms.v1.ProtectionLevel]: crate::model::ProtectionLevel
    pub protection_level: crate::model::ProtectionLevel,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl RawEncryptResponse {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [ciphertext][crate::model::RawEncryptResponse::ciphertext].
    pub fn set_ciphertext<T: std::convert::Into<::bytes::Bytes>>(mut self, v: T) -> Self {
        self.ciphertext = v.into();
        self
    }

    /// Sets the value of [initialization_vector][crate::model::RawEncryptResponse::initialization_vector].
    pub fn set_initialization_vector<T: std::convert::Into<::bytes::Bytes>>(
        mut self,
        v: T,
    ) -> Self {
        self.initialization_vector = v.into();
        self
    }

    /// Sets the value of [tag_length][crate::model::RawEncryptResponse::tag_length].
    pub fn set_tag_length<T: std::convert::Into<i32>>(mut self, v: T) -> Self {
        self.tag_length = v.into();
        self
    }

    /// Sets the value of [ciphertext_crc32c][crate::model::RawEncryptResponse::ciphertext_crc32c].
    pub fn set_ciphertext_crc32c<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Int64Value>,
    {
        self.ciphertext_crc32c = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [ciphertext_crc32c][crate::model::RawEncryptResponse::ciphertext_crc32c].
    pub fn set_or_clear_ciphertext_crc32c<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::Int64Value>,
    {
        self.ciphertext_crc32c = v.map(|x| x.into());
        self
    }

    /// Sets the value of [initialization_vector_crc32c][crate::model::RawEncryptResponse::initialization_vector_crc32c].
    pub fn set_initialization_vector_crc32c<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Int64Value>,
    {
        self.initialization_vector_crc32c = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [initialization_vector_crc32c][crate::model::RawEncryptResponse::initialization_vector_crc32c].
    pub fn set_or_clear_initialization_vector_crc32c<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::Int64Value>,
    {
        self.initialization_vector_crc32c = v.map(|x| x.into());
        self
    }

    /// Sets the value of [verified_plaintext_crc32c][crate::model::RawEncryptResponse::verified_plaintext_crc32c].
    pub fn set_verified_plaintext_crc32c<T: std::convert::Into<bool>>(mut self, v: T) -> Self {
        self.verified_plaintext_crc32c = v.into();
        self
    }

    /// Sets the value of [verified_additional_authenticated_data_crc32c][crate::model::RawEncryptResponse::verified_additional_authenticated_data_crc32c].
    pub fn set_verified_additional_authenticated_data_crc32c<T: std::convert::Into<bool>>(
        mut self,
        v: T,
    ) -> Self {
        self.verified_additional_authenticated_data_crc32c = v.into();
        self
    }

    /// Sets the value of [verified_initialization_vector_crc32c][crate::model::RawEncryptResponse::verified_initialization_vector_crc32c].
    pub fn set_verified_initialization_vector_crc32c<T: std::convert::Into<bool>>(
        mut self,
        v: T,
    ) -> Self {
        self.verified_initialization_vector_crc32c = v.into();
        self
    }

    /// Sets the value of [name][crate::model::RawEncryptResponse::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }

    /// Sets the value of [protection_level][crate::model::RawEncryptResponse::protection_level].
    pub fn set_protection_level<T: std::convert::Into<crate::model::ProtectionLevel>>(
        mut self,
        v: T,
    ) -> Self {
        self.protection_level = v.into();
        self
    }
}

impl wkt::message::Message for RawEncryptResponse {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.RawEncryptResponse"
    }
}

/// Response message for
/// [KeyManagementService.RawDecrypt][google.cloud.kms.v1.KeyManagementService.RawDecrypt].
///
/// [google.cloud.kms.v1.KeyManagementService.RawDecrypt]: crate::client::KeyManagementService::raw_decrypt
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct RawDecryptResponse {
    /// The decrypted data.
    pub plaintext: ::bytes::Bytes,

    /// Integrity verification field. A CRC32C checksum of the returned
    /// [RawDecryptResponse.plaintext][google.cloud.kms.v1.RawDecryptResponse.plaintext].
    /// An integrity check of plaintext can be performed by computing the CRC32C
    /// checksum of plaintext and comparing your results to this field. Discard the
    /// response in case of non-matching checksum values, and perform a limited
    /// number of retries. A persistent mismatch may indicate an issue in your
    /// computation of the CRC32C checksum. Note: receiving this response message
    /// indicates that
    /// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] is able to
    /// successfully decrypt the
    /// [ciphertext][google.cloud.kms.v1.RawDecryptRequest.ciphertext].
    /// Note: This field is defined as int64 for reasons of compatibility across
    /// different languages. However, it is a non-negative integer, which will
    /// never exceed 2^32-1, and can be safely downconverted to uint32 in languages
    /// that support this type.
    ///
    /// [google.cloud.kms.v1.KeyManagementService]: crate::client::KeyManagementService
    /// [google.cloud.kms.v1.RawDecryptRequest.ciphertext]: crate::model::RawDecryptRequest::ciphertext
    /// [google.cloud.kms.v1.RawDecryptResponse.plaintext]: crate::model::RawDecryptResponse::plaintext
    pub plaintext_crc32c: std::option::Option<wkt::Int64Value>,

    /// The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of the
    /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used in
    /// decryption.
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    /// [google.cloud.kms.v1.ProtectionLevel]: crate::model::ProtectionLevel
    pub protection_level: crate::model::ProtectionLevel,

    /// Integrity verification field. A flag indicating whether
    /// [RawDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.RawDecryptRequest.ciphertext_crc32c]
    /// was received by
    /// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used
    /// for the integrity verification of the ciphertext. A false value of this
    /// field indicates either that
    /// [RawDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.RawDecryptRequest.ciphertext_crc32c]
    /// was left unset or that it was not delivered to
    /// [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've
    /// set
    /// [RawDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.RawDecryptRequest.ciphertext_crc32c]
    /// but this field is still false, discard the response and perform a limited
    /// number of retries.
    ///
    /// [google.cloud.kms.v1.KeyManagementService]: crate::client::KeyManagementService
    /// [google.cloud.kms.v1.RawDecryptRequest.ciphertext_crc32c]: crate::model::RawDecryptRequest::ciphertext_crc32c
    pub verified_ciphertext_crc32c: bool,

    /// Integrity verification field. A flag indicating whether
    /// [RawDecryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.RawDecryptRequest.additional_authenticated_data_crc32c]
    /// was received by
    /// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used
    /// for the integrity verification of additional_authenticated_data. A false
    /// value of this field indicates either that //
    /// [RawDecryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.RawDecryptRequest.additional_authenticated_data_crc32c]
    /// was left unset or that it was not delivered to
    /// [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've
    /// set
    /// [RawDecryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.RawDecryptRequest.additional_authenticated_data_crc32c]
    /// but this field is still false, discard the response and perform a limited
    /// number of retries.
    ///
    /// [google.cloud.kms.v1.KeyManagementService]: crate::client::KeyManagementService
    /// [google.cloud.kms.v1.RawDecryptRequest.additional_authenticated_data_crc32c]: crate::model::RawDecryptRequest::additional_authenticated_data_crc32c
    pub verified_additional_authenticated_data_crc32c: bool,

    /// Integrity verification field. A flag indicating whether
    /// [RawDecryptRequest.initialization_vector_crc32c][google.cloud.kms.v1.RawDecryptRequest.initialization_vector_crc32c]
    /// was received by
    /// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used
    /// for the integrity verification of initialization_vector. A false value of
    /// this field indicates either that
    /// [RawDecryptRequest.initialization_vector_crc32c][google.cloud.kms.v1.RawDecryptRequest.initialization_vector_crc32c]
    /// was left unset or that it was not delivered to
    /// [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've
    /// set
    /// [RawDecryptRequest.initialization_vector_crc32c][google.cloud.kms.v1.RawDecryptRequest.initialization_vector_crc32c]
    /// but this field is still false, discard the response and perform a limited
    /// number of retries.
    ///
    /// [google.cloud.kms.v1.KeyManagementService]: crate::client::KeyManagementService
    /// [google.cloud.kms.v1.RawDecryptRequest.initialization_vector_crc32c]: crate::model::RawDecryptRequest::initialization_vector_crc32c
    pub verified_initialization_vector_crc32c: bool,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl RawDecryptResponse {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [plaintext][crate::model::RawDecryptResponse::plaintext].
    pub fn set_plaintext<T: std::convert::Into<::bytes::Bytes>>(mut self, v: T) -> Self {
        self.plaintext = v.into();
        self
    }

    /// Sets the value of [plaintext_crc32c][crate::model::RawDecryptResponse::plaintext_crc32c].
    pub fn set_plaintext_crc32c<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Int64Value>,
    {
        self.plaintext_crc32c = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [plaintext_crc32c][crate::model::RawDecryptResponse::plaintext_crc32c].
    pub fn set_or_clear_plaintext_crc32c<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::Int64Value>,
    {
        self.plaintext_crc32c = v.map(|x| x.into());
        self
    }

    /// Sets the value of [protection_level][crate::model::RawDecryptResponse::protection_level].
    pub fn set_protection_level<T: std::convert::Into<crate::model::ProtectionLevel>>(
        mut self,
        v: T,
    ) -> Self {
        self.protection_level = v.into();
        self
    }

    /// Sets the value of [verified_ciphertext_crc32c][crate::model::RawDecryptResponse::verified_ciphertext_crc32c].
    pub fn set_verified_ciphertext_crc32c<T: std::convert::Into<bool>>(mut self, v: T) -> Self {
        self.verified_ciphertext_crc32c = v.into();
        self
    }

    /// Sets the value of [verified_additional_authenticated_data_crc32c][crate::model::RawDecryptResponse::verified_additional_authenticated_data_crc32c].
    pub fn set_verified_additional_authenticated_data_crc32c<T: std::convert::Into<bool>>(
        mut self,
        v: T,
    ) -> Self {
        self.verified_additional_authenticated_data_crc32c = v.into();
        self
    }

    /// Sets the value of [verified_initialization_vector_crc32c][crate::model::RawDecryptResponse::verified_initialization_vector_crc32c].
    pub fn set_verified_initialization_vector_crc32c<T: std::convert::Into<bool>>(
        mut self,
        v: T,
    ) -> Self {
        self.verified_initialization_vector_crc32c = v.into();
        self
    }
}

impl wkt::message::Message for RawDecryptResponse {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.RawDecryptResponse"
    }
}

/// Response message for
/// [KeyManagementService.AsymmetricSign][google.cloud.kms.v1.KeyManagementService.AsymmetricSign].
///
/// [google.cloud.kms.v1.KeyManagementService.AsymmetricSign]: crate::client::KeyManagementService::asymmetric_sign
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct AsymmetricSignResponse {
    /// The created signature.
    pub signature: ::bytes::Bytes,

    /// Integrity verification field. A CRC32C checksum of the returned
    /// [AsymmetricSignResponse.signature][google.cloud.kms.v1.AsymmetricSignResponse.signature].
    /// An integrity check of
    /// [AsymmetricSignResponse.signature][google.cloud.kms.v1.AsymmetricSignResponse.signature]
    /// can be performed by computing the CRC32C checksum of
    /// [AsymmetricSignResponse.signature][google.cloud.kms.v1.AsymmetricSignResponse.signature]
    /// and comparing your results to this field. Discard the response in case of
    /// non-matching checksum values, and perform a limited number of retries. A
    /// persistent mismatch may indicate an issue in your computation of the CRC32C
    /// checksum. Note: This field is defined as int64 for reasons of compatibility
    /// across different languages. However, it is a non-negative integer, which
    /// will never exceed 2^32-1, and can be safely downconverted to uint32 in
    /// languages that support this type.
    ///
    /// [google.cloud.kms.v1.AsymmetricSignResponse.signature]: crate::model::AsymmetricSignResponse::signature
    pub signature_crc32c: std::option::Option<wkt::Int64Value>,

    /// Integrity verification field. A flag indicating whether
    /// [AsymmetricSignRequest.digest_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c]
    /// was received by
    /// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used
    /// for the integrity verification of the
    /// [digest][google.cloud.kms.v1.AsymmetricSignRequest.digest]. A false value
    /// of this field indicates either that
    /// [AsymmetricSignRequest.digest_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c]
    /// was left unset or that it was not delivered to
    /// [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've
    /// set
    /// [AsymmetricSignRequest.digest_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c]
    /// but this field is still false, discard the response and perform a limited
    /// number of retries.
    ///
    /// [google.cloud.kms.v1.AsymmetricSignRequest.digest]: crate::model::AsymmetricSignRequest::digest
    /// [google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c]: crate::model::AsymmetricSignRequest::digest_crc32c
    /// [google.cloud.kms.v1.KeyManagementService]: crate::client::KeyManagementService
    pub verified_digest_crc32c: bool,

    /// The resource name of the
    /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used for signing.
    /// Check this field to verify that the intended resource was used for signing.
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    pub name: std::string::String,

    /// Integrity verification field. A flag indicating whether
    /// [AsymmetricSignRequest.data_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.data_crc32c]
    /// was received by
    /// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used
    /// for the integrity verification of the
    /// [data][google.cloud.kms.v1.AsymmetricSignRequest.data]. A false value of
    /// this field indicates either that
    /// [AsymmetricSignRequest.data_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.data_crc32c]
    /// was left unset or that it was not delivered to
    /// [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've
    /// set
    /// [AsymmetricSignRequest.data_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.data_crc32c]
    /// but this field is still false, discard the response and perform a limited
    /// number of retries.
    ///
    /// [google.cloud.kms.v1.AsymmetricSignRequest.data]: crate::model::AsymmetricSignRequest::data
    /// [google.cloud.kms.v1.AsymmetricSignRequest.data_crc32c]: crate::model::AsymmetricSignRequest::data_crc32c
    /// [google.cloud.kms.v1.KeyManagementService]: crate::client::KeyManagementService
    pub verified_data_crc32c: bool,

    /// The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of the
    /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used for signing.
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    /// [google.cloud.kms.v1.ProtectionLevel]: crate::model::ProtectionLevel
    pub protection_level: crate::model::ProtectionLevel,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl AsymmetricSignResponse {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [signature][crate::model::AsymmetricSignResponse::signature].
    pub fn set_signature<T: std::convert::Into<::bytes::Bytes>>(mut self, v: T) -> Self {
        self.signature = v.into();
        self
    }

    /// Sets the value of [signature_crc32c][crate::model::AsymmetricSignResponse::signature_crc32c].
    pub fn set_signature_crc32c<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Int64Value>,
    {
        self.signature_crc32c = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [signature_crc32c][crate::model::AsymmetricSignResponse::signature_crc32c].
    pub fn set_or_clear_signature_crc32c<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::Int64Value>,
    {
        self.signature_crc32c = v.map(|x| x.into());
        self
    }

    /// Sets the value of [verified_digest_crc32c][crate::model::AsymmetricSignResponse::verified_digest_crc32c].
    pub fn set_verified_digest_crc32c<T: std::convert::Into<bool>>(mut self, v: T) -> Self {
        self.verified_digest_crc32c = v.into();
        self
    }

    /// Sets the value of [name][crate::model::AsymmetricSignResponse::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }

    /// Sets the value of [verified_data_crc32c][crate::model::AsymmetricSignResponse::verified_data_crc32c].
    pub fn set_verified_data_crc32c<T: std::convert::Into<bool>>(mut self, v: T) -> Self {
        self.verified_data_crc32c = v.into();
        self
    }

    /// Sets the value of [protection_level][crate::model::AsymmetricSignResponse::protection_level].
    pub fn set_protection_level<T: std::convert::Into<crate::model::ProtectionLevel>>(
        mut self,
        v: T,
    ) -> Self {
        self.protection_level = v.into();
        self
    }
}

impl wkt::message::Message for AsymmetricSignResponse {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.AsymmetricSignResponse"
    }
}

/// Response message for
/// [KeyManagementService.AsymmetricDecrypt][google.cloud.kms.v1.KeyManagementService.AsymmetricDecrypt].
///
/// [google.cloud.kms.v1.KeyManagementService.AsymmetricDecrypt]: crate::client::KeyManagementService::asymmetric_decrypt
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct AsymmetricDecryptResponse {
    /// The decrypted data originally encrypted with the matching public key.
    pub plaintext: ::bytes::Bytes,

    /// Integrity verification field. A CRC32C checksum of the returned
    /// [AsymmetricDecryptResponse.plaintext][google.cloud.kms.v1.AsymmetricDecryptResponse.plaintext].
    /// An integrity check of
    /// [AsymmetricDecryptResponse.plaintext][google.cloud.kms.v1.AsymmetricDecryptResponse.plaintext]
    /// can be performed by computing the CRC32C checksum of
    /// [AsymmetricDecryptResponse.plaintext][google.cloud.kms.v1.AsymmetricDecryptResponse.plaintext]
    /// and comparing your results to this field. Discard the response in case of
    /// non-matching checksum values, and perform a limited number of retries. A
    /// persistent mismatch may indicate an issue in your computation of the CRC32C
    /// checksum. Note: This field is defined as int64 for reasons of compatibility
    /// across different languages. However, it is a non-negative integer, which
    /// will never exceed 2^32-1, and can be safely downconverted to uint32 in
    /// languages that support this type.
    ///
    /// [google.cloud.kms.v1.AsymmetricDecryptResponse.plaintext]: crate::model::AsymmetricDecryptResponse::plaintext
    pub plaintext_crc32c: std::option::Option<wkt::Int64Value>,

    /// Integrity verification field. A flag indicating whether
    /// [AsymmetricDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c]
    /// was received by
    /// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used
    /// for the integrity verification of the
    /// [ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext]. A
    /// false value of this field indicates either that
    /// [AsymmetricDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c]
    /// was left unset or that it was not delivered to
    /// [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've
    /// set
    /// [AsymmetricDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c]
    /// but this field is still false, discard the response and perform a limited
    /// number of retries.
    ///
    /// [google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext]: crate::model::AsymmetricDecryptRequest::ciphertext
    /// [google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c]: crate::model::AsymmetricDecryptRequest::ciphertext_crc32c
    /// [google.cloud.kms.v1.KeyManagementService]: crate::client::KeyManagementService
    pub verified_ciphertext_crc32c: bool,

    /// The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of the
    /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used in
    /// decryption.
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    /// [google.cloud.kms.v1.ProtectionLevel]: crate::model::ProtectionLevel
    pub protection_level: crate::model::ProtectionLevel,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl AsymmetricDecryptResponse {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [plaintext][crate::model::AsymmetricDecryptResponse::plaintext].
    pub fn set_plaintext<T: std::convert::Into<::bytes::Bytes>>(mut self, v: T) -> Self {
        self.plaintext = v.into();
        self
    }

    /// Sets the value of [plaintext_crc32c][crate::model::AsymmetricDecryptResponse::plaintext_crc32c].
    pub fn set_plaintext_crc32c<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Int64Value>,
    {
        self.plaintext_crc32c = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [plaintext_crc32c][crate::model::AsymmetricDecryptResponse::plaintext_crc32c].
    pub fn set_or_clear_plaintext_crc32c<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::Int64Value>,
    {
        self.plaintext_crc32c = v.map(|x| x.into());
        self
    }

    /// Sets the value of [verified_ciphertext_crc32c][crate::model::AsymmetricDecryptResponse::verified_ciphertext_crc32c].
    pub fn set_verified_ciphertext_crc32c<T: std::convert::Into<bool>>(mut self, v: T) -> Self {
        self.verified_ciphertext_crc32c = v.into();
        self
    }

    /// Sets the value of [protection_level][crate::model::AsymmetricDecryptResponse::protection_level].
    pub fn set_protection_level<T: std::convert::Into<crate::model::ProtectionLevel>>(
        mut self,
        v: T,
    ) -> Self {
        self.protection_level = v.into();
        self
    }
}

impl wkt::message::Message for AsymmetricDecryptResponse {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.AsymmetricDecryptResponse"
    }
}

/// Response message for
/// [KeyManagementService.MacSign][google.cloud.kms.v1.KeyManagementService.MacSign].
///
/// [google.cloud.kms.v1.KeyManagementService.MacSign]: crate::client::KeyManagementService::mac_sign
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct MacSignResponse {
    /// The resource name of the
    /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used for signing.
    /// Check this field to verify that the intended resource was used for signing.
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    pub name: std::string::String,

    /// The created signature.
    pub mac: ::bytes::Bytes,

    /// Integrity verification field. A CRC32C checksum of the returned
    /// [MacSignResponse.mac][google.cloud.kms.v1.MacSignResponse.mac]. An
    /// integrity check of
    /// [MacSignResponse.mac][google.cloud.kms.v1.MacSignResponse.mac] can be
    /// performed by computing the CRC32C checksum of
    /// [MacSignResponse.mac][google.cloud.kms.v1.MacSignResponse.mac] and
    /// comparing your results to this field. Discard the response in case of
    /// non-matching checksum values, and perform a limited number of retries. A
    /// persistent mismatch may indicate an issue in your computation of the CRC32C
    /// checksum. Note: This field is defined as int64 for reasons of compatibility
    /// across different languages. However, it is a non-negative integer, which
    /// will never exceed 2^32-1, and can be safely downconverted to uint32 in
    /// languages that support this type.
    ///
    /// [google.cloud.kms.v1.MacSignResponse.mac]: crate::model::MacSignResponse::mac
    pub mac_crc32c: std::option::Option<wkt::Int64Value>,

    /// Integrity verification field. A flag indicating whether
    /// [MacSignRequest.data_crc32c][google.cloud.kms.v1.MacSignRequest.data_crc32c]
    /// was received by
    /// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used
    /// for the integrity verification of the
    /// [data][google.cloud.kms.v1.MacSignRequest.data]. A false value of this
    /// field indicates either that
    /// [MacSignRequest.data_crc32c][google.cloud.kms.v1.MacSignRequest.data_crc32c]
    /// was left unset or that it was not delivered to
    /// [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've
    /// set
    /// [MacSignRequest.data_crc32c][google.cloud.kms.v1.MacSignRequest.data_crc32c]
    /// but this field is still false, discard the response and perform a limited
    /// number of retries.
    ///
    /// [google.cloud.kms.v1.KeyManagementService]: crate::client::KeyManagementService
    /// [google.cloud.kms.v1.MacSignRequest.data]: crate::model::MacSignRequest::data
    /// [google.cloud.kms.v1.MacSignRequest.data_crc32c]: crate::model::MacSignRequest::data_crc32c
    pub verified_data_crc32c: bool,

    /// The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of the
    /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used for signing.
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    /// [google.cloud.kms.v1.ProtectionLevel]: crate::model::ProtectionLevel
    pub protection_level: crate::model::ProtectionLevel,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl MacSignResponse {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::MacSignResponse::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }

    /// Sets the value of [mac][crate::model::MacSignResponse::mac].
    pub fn set_mac<T: std::convert::Into<::bytes::Bytes>>(mut self, v: T) -> Self {
        self.mac = v.into();
        self
    }

    /// Sets the value of [mac_crc32c][crate::model::MacSignResponse::mac_crc32c].
    pub fn set_mac_crc32c<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Int64Value>,
    {
        self.mac_crc32c = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [mac_crc32c][crate::model::MacSignResponse::mac_crc32c].
    pub fn set_or_clear_mac_crc32c<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::Int64Value>,
    {
        self.mac_crc32c = v.map(|x| x.into());
        self
    }

    /// Sets the value of [verified_data_crc32c][crate::model::MacSignResponse::verified_data_crc32c].
    pub fn set_verified_data_crc32c<T: std::convert::Into<bool>>(mut self, v: T) -> Self {
        self.verified_data_crc32c = v.into();
        self
    }

    /// Sets the value of [protection_level][crate::model::MacSignResponse::protection_level].
    pub fn set_protection_level<T: std::convert::Into<crate::model::ProtectionLevel>>(
        mut self,
        v: T,
    ) -> Self {
        self.protection_level = v.into();
        self
    }
}

impl wkt::message::Message for MacSignResponse {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.MacSignResponse"
    }
}

/// Response message for
/// [KeyManagementService.MacVerify][google.cloud.kms.v1.KeyManagementService.MacVerify].
///
/// [google.cloud.kms.v1.KeyManagementService.MacVerify]: crate::client::KeyManagementService::mac_verify
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct MacVerifyResponse {
    /// The resource name of the
    /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used for
    /// verification. Check this field to verify that the intended resource was
    /// used for verification.
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    pub name: std::string::String,

    /// This field indicates whether or not the verification operation for
    /// [MacVerifyRequest.mac][google.cloud.kms.v1.MacVerifyRequest.mac] over
    /// [MacVerifyRequest.data][google.cloud.kms.v1.MacVerifyRequest.data] was
    /// successful.
    ///
    /// [google.cloud.kms.v1.MacVerifyRequest.data]: crate::model::MacVerifyRequest::data
    /// [google.cloud.kms.v1.MacVerifyRequest.mac]: crate::model::MacVerifyRequest::mac
    pub success: bool,

    /// Integrity verification field. A flag indicating whether
    /// [MacVerifyRequest.data_crc32c][google.cloud.kms.v1.MacVerifyRequest.data_crc32c]
    /// was received by
    /// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used
    /// for the integrity verification of the
    /// [data][google.cloud.kms.v1.MacVerifyRequest.data]. A false value of this
    /// field indicates either that
    /// [MacVerifyRequest.data_crc32c][google.cloud.kms.v1.MacVerifyRequest.data_crc32c]
    /// was left unset or that it was not delivered to
    /// [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've
    /// set
    /// [MacVerifyRequest.data_crc32c][google.cloud.kms.v1.MacVerifyRequest.data_crc32c]
    /// but this field is still false, discard the response and perform a limited
    /// number of retries.
    ///
    /// [google.cloud.kms.v1.KeyManagementService]: crate::client::KeyManagementService
    /// [google.cloud.kms.v1.MacVerifyRequest.data]: crate::model::MacVerifyRequest::data
    /// [google.cloud.kms.v1.MacVerifyRequest.data_crc32c]: crate::model::MacVerifyRequest::data_crc32c
    pub verified_data_crc32c: bool,

    /// Integrity verification field. A flag indicating whether
    /// [MacVerifyRequest.mac_crc32c][google.cloud.kms.v1.MacVerifyRequest.mac_crc32c]
    /// was received by
    /// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used
    /// for the integrity verification of the
    /// [data][google.cloud.kms.v1.MacVerifyRequest.mac]. A false value of this
    /// field indicates either that
    /// [MacVerifyRequest.mac_crc32c][google.cloud.kms.v1.MacVerifyRequest.mac_crc32c]
    /// was left unset or that it was not delivered to
    /// [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've
    /// set
    /// [MacVerifyRequest.mac_crc32c][google.cloud.kms.v1.MacVerifyRequest.mac_crc32c]
    /// but this field is still false, discard the response and perform a limited
    /// number of retries.
    ///
    /// [google.cloud.kms.v1.KeyManagementService]: crate::client::KeyManagementService
    /// [google.cloud.kms.v1.MacVerifyRequest.mac]: crate::model::MacVerifyRequest::mac
    /// [google.cloud.kms.v1.MacVerifyRequest.mac_crc32c]: crate::model::MacVerifyRequest::mac_crc32c
    pub verified_mac_crc32c: bool,

    /// Integrity verification field. This value is used for the integrity
    /// verification of [MacVerifyResponse.success]. If the value of this field
    /// contradicts the value of [MacVerifyResponse.success], discard the response
    /// and perform a limited number of retries.
    pub verified_success_integrity: bool,

    /// The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of the
    /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used for
    /// verification.
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    /// [google.cloud.kms.v1.ProtectionLevel]: crate::model::ProtectionLevel
    pub protection_level: crate::model::ProtectionLevel,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl MacVerifyResponse {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::MacVerifyResponse::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }

    /// Sets the value of [success][crate::model::MacVerifyResponse::success].
    pub fn set_success<T: std::convert::Into<bool>>(mut self, v: T) -> Self {
        self.success = v.into();
        self
    }

    /// Sets the value of [verified_data_crc32c][crate::model::MacVerifyResponse::verified_data_crc32c].
    pub fn set_verified_data_crc32c<T: std::convert::Into<bool>>(mut self, v: T) -> Self {
        self.verified_data_crc32c = v.into();
        self
    }

    /// Sets the value of [verified_mac_crc32c][crate::model::MacVerifyResponse::verified_mac_crc32c].
    pub fn set_verified_mac_crc32c<T: std::convert::Into<bool>>(mut self, v: T) -> Self {
        self.verified_mac_crc32c = v.into();
        self
    }

    /// Sets the value of [verified_success_integrity][crate::model::MacVerifyResponse::verified_success_integrity].
    pub fn set_verified_success_integrity<T: std::convert::Into<bool>>(mut self, v: T) -> Self {
        self.verified_success_integrity = v.into();
        self
    }

    /// Sets the value of [protection_level][crate::model::MacVerifyResponse::protection_level].
    pub fn set_protection_level<T: std::convert::Into<crate::model::ProtectionLevel>>(
        mut self,
        v: T,
    ) -> Self {
        self.protection_level = v.into();
        self
    }
}

impl wkt::message::Message for MacVerifyResponse {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.MacVerifyResponse"
    }
}

/// Response message for
/// [KeyManagementService.Decapsulate][google.cloud.kms.v1.KeyManagementService.Decapsulate].
///
/// [google.cloud.kms.v1.KeyManagementService.Decapsulate]: crate::client::KeyManagementService::decapsulate
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct DecapsulateResponse {
    /// The resource name of the
    /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used for
    /// decapsulation. Check this field to verify that the intended resource was
    /// used for decapsulation.
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    pub name: std::string::String,

    /// The decapsulated shared_secret originally encapsulated with the matching
    /// public key.
    pub shared_secret: ::bytes::Bytes,

    /// Integrity verification field. A CRC32C checksum of the returned
    /// [DecapsulateResponse.shared_secret][google.cloud.kms.v1.DecapsulateResponse.shared_secret].
    /// An integrity check of
    /// [DecapsulateResponse.shared_secret][google.cloud.kms.v1.DecapsulateResponse.shared_secret]
    /// can be performed by computing the CRC32C checksum of
    /// [DecapsulateResponse.shared_secret][google.cloud.kms.v1.DecapsulateResponse.shared_secret]
    /// and comparing your results to this field. Discard the response in case of
    /// non-matching checksum values, and perform a limited number of retries. A
    /// persistent mismatch may indicate an issue in your computation of the CRC32C
    /// checksum. Note: receiving this response message indicates that
    /// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] is able to
    /// successfully decrypt the
    /// [ciphertext][google.cloud.kms.v1.DecapsulateRequest.ciphertext]. Note: This
    /// field is defined as int64 for reasons of compatibility across different
    /// languages. However, it is a non-negative integer, which will never exceed
    /// 2^32-1, and can be safely downconverted to uint32 in languages that support
    /// this type.
    ///
    /// [google.cloud.kms.v1.DecapsulateRequest.ciphertext]: crate::model::DecapsulateRequest::ciphertext
    /// [google.cloud.kms.v1.DecapsulateResponse.shared_secret]: crate::model::DecapsulateResponse::shared_secret
    /// [google.cloud.kms.v1.KeyManagementService]: crate::client::KeyManagementService
    pub shared_secret_crc32c: std::option::Option<i64>,

    /// Integrity verification field. A flag indicating whether
    /// [DecapsulateRequest.ciphertext_crc32c][google.cloud.kms.v1.DecapsulateRequest.ciphertext_crc32c]
    /// was received by
    /// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used
    /// for the integrity verification of the
    /// [ciphertext][google.cloud.kms.v1.DecapsulateRequest.ciphertext]. A false
    /// value of this field indicates either that
    /// [DecapsulateRequest.ciphertext_crc32c][google.cloud.kms.v1.DecapsulateRequest.ciphertext_crc32c]
    /// was left unset or that it was not delivered to
    /// [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've
    /// set
    /// [DecapsulateRequest.ciphertext_crc32c][google.cloud.kms.v1.DecapsulateRequest.ciphertext_crc32c]
    /// but this field is still false, discard the response and perform a limited
    /// number of retries.
    ///
    /// [google.cloud.kms.v1.DecapsulateRequest.ciphertext]: crate::model::DecapsulateRequest::ciphertext
    /// [google.cloud.kms.v1.DecapsulateRequest.ciphertext_crc32c]: crate::model::DecapsulateRequest::ciphertext_crc32c
    /// [google.cloud.kms.v1.KeyManagementService]: crate::client::KeyManagementService
    pub verified_ciphertext_crc32c: bool,

    /// The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of the
    /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used in
    /// decapsulation.
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    /// [google.cloud.kms.v1.ProtectionLevel]: crate::model::ProtectionLevel
    pub protection_level: crate::model::ProtectionLevel,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl DecapsulateResponse {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::DecapsulateResponse::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }

    /// Sets the value of [shared_secret][crate::model::DecapsulateResponse::shared_secret].
    pub fn set_shared_secret<T: std::convert::Into<::bytes::Bytes>>(mut self, v: T) -> Self {
        self.shared_secret = v.into();
        self
    }

    /// Sets the value of [shared_secret_crc32c][crate::model::DecapsulateResponse::shared_secret_crc32c].
    pub fn set_shared_secret_crc32c<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<i64>,
    {
        self.shared_secret_crc32c = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [shared_secret_crc32c][crate::model::DecapsulateResponse::shared_secret_crc32c].
    pub fn set_or_clear_shared_secret_crc32c<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<i64>,
    {
        self.shared_secret_crc32c = v.map(|x| x.into());
        self
    }

    /// Sets the value of [verified_ciphertext_crc32c][crate::model::DecapsulateResponse::verified_ciphertext_crc32c].
    pub fn set_verified_ciphertext_crc32c<T: std::convert::Into<bool>>(mut self, v: T) -> Self {
        self.verified_ciphertext_crc32c = v.into();
        self
    }

    /// Sets the value of [protection_level][crate::model::DecapsulateResponse::protection_level].
    pub fn set_protection_level<T: std::convert::Into<crate::model::ProtectionLevel>>(
        mut self,
        v: T,
    ) -> Self {
        self.protection_level = v.into();
        self
    }
}

impl wkt::message::Message for DecapsulateResponse {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.DecapsulateResponse"
    }
}

/// Response message for
/// [KeyManagementService.GenerateRandomBytes][google.cloud.kms.v1.KeyManagementService.GenerateRandomBytes].
///
/// [google.cloud.kms.v1.KeyManagementService.GenerateRandomBytes]: crate::client::KeyManagementService::generate_random_bytes
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct GenerateRandomBytesResponse {
    /// The generated data.
    pub data: ::bytes::Bytes,

    /// Integrity verification field. A CRC32C checksum of the returned
    /// [GenerateRandomBytesResponse.data][google.cloud.kms.v1.GenerateRandomBytesResponse.data].
    /// An integrity check of
    /// [GenerateRandomBytesResponse.data][google.cloud.kms.v1.GenerateRandomBytesResponse.data]
    /// can be performed by computing the CRC32C checksum of
    /// [GenerateRandomBytesResponse.data][google.cloud.kms.v1.GenerateRandomBytesResponse.data]
    /// and comparing your results to this field. Discard the response in case of
    /// non-matching checksum values, and perform a limited number of retries. A
    /// persistent mismatch may indicate an issue in your computation of the CRC32C
    /// checksum. Note: This field is defined as int64 for reasons of compatibility
    /// across different languages. However, it is a non-negative integer, which
    /// will never exceed 2^32-1, and can be safely downconverted to uint32 in
    /// languages that support this type.
    ///
    /// [google.cloud.kms.v1.GenerateRandomBytesResponse.data]: crate::model::GenerateRandomBytesResponse::data
    pub data_crc32c: std::option::Option<wkt::Int64Value>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl GenerateRandomBytesResponse {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [data][crate::model::GenerateRandomBytesResponse::data].
    pub fn set_data<T: std::convert::Into<::bytes::Bytes>>(mut self, v: T) -> Self {
        self.data = v.into();
        self
    }

    /// Sets the value of [data_crc32c][crate::model::GenerateRandomBytesResponse::data_crc32c].
    pub fn set_data_crc32c<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Int64Value>,
    {
        self.data_crc32c = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [data_crc32c][crate::model::GenerateRandomBytesResponse::data_crc32c].
    pub fn set_or_clear_data_crc32c<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::Int64Value>,
    {
        self.data_crc32c = v.map(|x| x.into());
        self
    }
}

impl wkt::message::Message for GenerateRandomBytesResponse {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.GenerateRandomBytesResponse"
    }
}

/// A [Digest][google.cloud.kms.v1.Digest] holds a cryptographic message digest.
///
/// [google.cloud.kms.v1.Digest]: crate::model::Digest
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct Digest {
    /// Required. The message digest.
    pub digest: std::option::Option<crate::model::digest::Digest>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl Digest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [digest][crate::model::Digest::digest].
    ///
    /// Note that all the setters affecting `digest` are mutually
    /// exclusive.
    pub fn set_digest<T: std::convert::Into<std::option::Option<crate::model::digest::Digest>>>(
        mut self,
        v: T,
    ) -> Self {
        self.digest = v.into();
        self
    }

    /// The value of [digest][crate::model::Digest::digest]
    /// if it holds a `Sha256`, `None` if the field is not set or
    /// holds a different branch.
    pub fn sha256(&self) -> std::option::Option<&::bytes::Bytes> {
        #[allow(unreachable_patterns)]
        self.digest.as_ref().and_then(|v| match v {
            crate::model::digest::Digest::Sha256(v) => std::option::Option::Some(v),
            _ => std::option::Option::None,
        })
    }

    /// Sets the value of [digest][crate::model::Digest::digest]
    /// to hold a `Sha256`.
    ///
    /// Note that all the setters affecting `digest` are
    /// mutually exclusive.
    pub fn set_sha256<T: std::convert::Into<::bytes::Bytes>>(mut self, v: T) -> Self {
        self.digest = std::option::Option::Some(crate::model::digest::Digest::Sha256(v.into()));
        self
    }

    /// The value of [digest][crate::model::Digest::digest]
    /// if it holds a `Sha384`, `None` if the field is not set or
    /// holds a different branch.
    pub fn sha384(&self) -> std::option::Option<&::bytes::Bytes> {
        #[allow(unreachable_patterns)]
        self.digest.as_ref().and_then(|v| match v {
            crate::model::digest::Digest::Sha384(v) => std::option::Option::Some(v),
            _ => std::option::Option::None,
        })
    }

    /// Sets the value of [digest][crate::model::Digest::digest]
    /// to hold a `Sha384`.
    ///
    /// Note that all the setters affecting `digest` are
    /// mutually exclusive.
    pub fn set_sha384<T: std::convert::Into<::bytes::Bytes>>(mut self, v: T) -> Self {
        self.digest = std::option::Option::Some(crate::model::digest::Digest::Sha384(v.into()));
        self
    }

    /// The value of [digest][crate::model::Digest::digest]
    /// if it holds a `Sha512`, `None` if the field is not set or
    /// holds a different branch.
    pub fn sha512(&self) -> std::option::Option<&::bytes::Bytes> {
        #[allow(unreachable_patterns)]
        self.digest.as_ref().and_then(|v| match v {
            crate::model::digest::Digest::Sha512(v) => std::option::Option::Some(v),
            _ => std::option::Option::None,
        })
    }

    /// Sets the value of [digest][crate::model::Digest::digest]
    /// to hold a `Sha512`.
    ///
    /// Note that all the setters affecting `digest` are
    /// mutually exclusive.
    pub fn set_sha512<T: std::convert::Into<::bytes::Bytes>>(mut self, v: T) -> Self {
        self.digest = std::option::Option::Some(crate::model::digest::Digest::Sha512(v.into()));
        self
    }
}

impl wkt::message::Message for Digest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.Digest"
    }
}

/// Defines additional types related to [Digest].
pub mod digest {
    #[allow(unused_imports)]
    use super::*;

    /// Required. The message digest.
    #[derive(Clone, Debug, PartialEq)]
    #[non_exhaustive]
    pub enum Digest {
        /// A message digest produced with the SHA-256 algorithm.
        Sha256(::bytes::Bytes),
        /// A message digest produced with the SHA-384 algorithm.
        Sha384(::bytes::Bytes),
        /// A message digest produced with the SHA-512 algorithm.
        Sha512(::bytes::Bytes),
    }
}

/// Cloud KMS metadata for the given
/// [google.cloud.location.Location][google.cloud.location.Location].
///
/// [google.cloud.location.Location]: location::model::Location
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct LocationMetadata {
    /// Indicates whether [CryptoKeys][google.cloud.kms.v1.CryptoKey] with
    /// [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]
    /// [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] can be created in this
    /// location.
    ///
    /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
    /// [google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]: crate::model::CryptoKeyVersionTemplate::protection_level
    /// [google.cloud.kms.v1.ProtectionLevel.HSM]: crate::model::ProtectionLevel::Hsm
    pub hsm_available: bool,

    /// Indicates whether [CryptoKeys][google.cloud.kms.v1.CryptoKey] with
    /// [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]
    /// [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL] can be created in
    /// this location.
    ///
    /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
    /// [google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]: crate::model::CryptoKeyVersionTemplate::protection_level
    /// [google.cloud.kms.v1.ProtectionLevel.EXTERNAL]: crate::model::ProtectionLevel::External
    pub ekm_available: bool,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl LocationMetadata {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [hsm_available][crate::model::LocationMetadata::hsm_available].
    pub fn set_hsm_available<T: std::convert::Into<bool>>(mut self, v: T) -> Self {
        self.hsm_available = v.into();
        self
    }

    /// Sets the value of [ekm_available][crate::model::LocationMetadata::ekm_available].
    pub fn set_ekm_available<T: std::convert::Into<bool>>(mut self, v: T) -> Self {
        self.ekm_available = v.into();
        self
    }
}

impl wkt::message::Message for LocationMetadata {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.kms.v1.LocationMetadata"
    }
}

/// [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] specifies how
/// cryptographic operations are performed. For more information, see [Protection
/// levels] (<https://cloud.google.com/kms/docs/algorithms#protection_levels>).
///
/// [google.cloud.kms.v1.ProtectionLevel]: crate::model::ProtectionLevel
///
/// # Working with unknown values
///
/// This enum is defined as `#[non_exhaustive]` because Google Cloud may add
/// additional enum variants at any time. Adding new variants is not considered
/// a breaking change. Applications should write their code in anticipation of:
///
/// - New values appearing in future releases of the client library, **and**
/// - New values received dynamically, without application changes.
///
/// Please consult the [Working with enums] section in the user guide for some
/// guidelines.
///
/// [Working with enums]: https://google-cloud-rust.github.io/working_with_enums.html
#[derive(Clone, Debug, PartialEq)]
#[non_exhaustive]
pub enum ProtectionLevel {
    /// Not specified.
    Unspecified,
    /// Crypto operations are performed in software.
    Software,
    /// Crypto operations are performed in a Hardware Security Module.
    Hsm,
    /// Crypto operations are performed by an external key manager.
    External,
    /// Crypto operations are performed in an EKM-over-VPC backend.
    ExternalVpc,
    /// If set, the enum was initialized with an unknown value.
    ///
    /// Applications can examine the value using [ProtectionLevel::value] or
    /// [ProtectionLevel::name].
    UnknownValue(protection_level::UnknownValue),
}

#[doc(hidden)]
pub mod protection_level {
    #[allow(unused_imports)]
    use super::*;
    #[derive(Clone, Debug, PartialEq)]
    pub struct UnknownValue(pub(crate) wkt::internal::UnknownEnumValue);
}

impl ProtectionLevel {
    /// Gets the enum value.
    ///
    /// Returns `None` if the enum contains an unknown value deserialized from
    /// the string representation of enums.
    pub fn value(&self) -> std::option::Option<i32> {
        match self {
            Self::Unspecified => std::option::Option::Some(0),
            Self::Software => std::option::Option::Some(1),
            Self::Hsm => std::option::Option::Some(2),
            Self::External => std::option::Option::Some(3),
            Self::ExternalVpc => std::option::Option::Some(4),
            Self::UnknownValue(u) => u.0.value(),
        }
    }

    /// Gets the enum value as a string.
    ///
    /// Returns `None` if the enum contains an unknown value deserialized from
    /// the integer representation of enums.
    pub fn name(&self) -> std::option::Option<&str> {
        match self {
            Self::Unspecified => std::option::Option::Some("PROTECTION_LEVEL_UNSPECIFIED"),
            Self::Software => std::option::Option::Some("SOFTWARE"),
            Self::Hsm => std::option::Option::Some("HSM"),
            Self::External => std::option::Option::Some("EXTERNAL"),
            Self::ExternalVpc => std::option::Option::Some("EXTERNAL_VPC"),
            Self::UnknownValue(u) => u.0.name(),
        }
    }
}

impl std::default::Default for ProtectionLevel {
    fn default() -> Self {
        use std::convert::From;
        Self::from(0)
    }
}

impl std::fmt::Display for ProtectionLevel {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::result::Result<(), std::fmt::Error> {
        wkt::internal::display_enum(f, self.name(), self.value())
    }
}

impl std::convert::From<i32> for ProtectionLevel {
    fn from(value: i32) -> Self {
        match value {
            0 => Self::Unspecified,
            1 => Self::Software,
            2 => Self::Hsm,
            3 => Self::External,
            4 => Self::ExternalVpc,
            _ => Self::UnknownValue(protection_level::UnknownValue(
                wkt::internal::UnknownEnumValue::Integer(value),
            )),
        }
    }
}

impl std::convert::From<&str> for ProtectionLevel {
    fn from(value: &str) -> Self {
        use std::string::ToString;
        match value {
            "PROTECTION_LEVEL_UNSPECIFIED" => Self::Unspecified,
            "SOFTWARE" => Self::Software,
            "HSM" => Self::Hsm,
            "EXTERNAL" => Self::External,
            "EXTERNAL_VPC" => Self::ExternalVpc,
            _ => Self::UnknownValue(protection_level::UnknownValue(
                wkt::internal::UnknownEnumValue::String(value.to_string()),
            )),
        }
    }
}

impl serde::ser::Serialize for ProtectionLevel {
    fn serialize<S>(&self, serializer: S) -> std::result::Result<S::Ok, S::Error>
    where
        S: serde::Serializer,
    {
        match self {
            Self::Unspecified => serializer.serialize_i32(0),
            Self::Software => serializer.serialize_i32(1),
            Self::Hsm => serializer.serialize_i32(2),
            Self::External => serializer.serialize_i32(3),
            Self::ExternalVpc => serializer.serialize_i32(4),
            Self::UnknownValue(u) => u.0.serialize(serializer),
        }
    }
}

impl<'de> serde::de::Deserialize<'de> for ProtectionLevel {
    fn deserialize<D>(deserializer: D) -> std::result::Result<Self, D::Error>
    where
        D: serde::Deserializer<'de>,
    {
        deserializer.deserialize_any(wkt::internal::EnumVisitor::<ProtectionLevel>::new(
            ".google.cloud.kms.v1.ProtectionLevel",
        ))
    }
}

/// Describes the reason for a data access. Please refer to
/// <https://cloud.google.com/assured-workloads/key-access-justifications/docs/justification-codes>
/// for the detailed semantic meaning of justification reason codes.
///
/// # Working with unknown values
///
/// This enum is defined as `#[non_exhaustive]` because Google Cloud may add
/// additional enum variants at any time. Adding new variants is not considered
/// a breaking change. Applications should write their code in anticipation of:
///
/// - New values appearing in future releases of the client library, **and**
/// - New values received dynamically, without application changes.
///
/// Please consult the [Working with enums] section in the user guide for some
/// guidelines.
///
/// [Working with enums]: https://google-cloud-rust.github.io/working_with_enums.html
#[derive(Clone, Debug, PartialEq)]
#[non_exhaustive]
pub enum AccessReason {
    /// Unspecified access reason.
    ReasonUnspecified,
    /// Customer-initiated support.
    CustomerInitiatedSupport,
    /// Google-initiated access for system management and troubleshooting.
    GoogleInitiatedService,
    /// Google-initiated access in response to a legal request or legal process.
    ThirdPartyDataRequest,
    /// Google-initiated access for security, fraud, abuse, or compliance purposes.
    GoogleInitiatedReview,
    /// Customer uses their account to perform any access to their own data which
    /// their IAM policy authorizes.
    CustomerInitiatedAccess,
    /// Google systems access customer data to help optimize the structure of the
    /// data or quality for future uses by the customer.
    GoogleInitiatedSystemOperation,
    /// No reason is expected for this key request.
    ReasonNotExpected,
    /// Customer uses their account to perform any access to their own data which
    /// their IAM policy authorizes, and one of the following is true:
    ///
    /// * A Google administrator has reset the root-access account associated with
    ///   the user's organization within the past 7 days.
    /// * A Google-initiated emergency access operation has interacted with a
    ///   resource in the same project or folder as the currently accessed resource
    ///   within the past 7 days.
    ModifiedCustomerInitiatedAccess,
    /// Google systems access customer data to help optimize the structure of the
    /// data or quality for future uses by the customer, and one of the following
    /// is true:
    ///
    /// * A Google administrator has reset the root-access account associated with
    ///   the user's organization within the past 7 days.
    /// * A Google-initiated emergency access operation has interacted with a
    ///   resource in the same project or folder as the currently accessed resource
    ///   within the past 7 days.
    ModifiedGoogleInitiatedSystemOperation,
    /// Google-initiated access to maintain system reliability.
    GoogleResponseToProductionAlert,
    /// One of the following operations is being executed while simultaneously
    /// encountering an internal technical issue which prevented a more precise
    /// justification code from being generated:
    ///
    /// * Your account has been used to perform any access to your own data which
    ///   your IAM policy authorizes.
    /// * An automated Google system operates on encrypted customer data which your
    ///   IAM policy authorizes.
    /// * Customer-initiated Google support access.
    /// * Google-initiated support access to protect system reliability.
    CustomerAuthorizedWorkflowServicing,
    /// If set, the enum was initialized with an unknown value.
    ///
    /// Applications can examine the value using [AccessReason::value] or
    /// [AccessReason::name].
    UnknownValue(access_reason::UnknownValue),
}

#[doc(hidden)]
pub mod access_reason {
    #[allow(unused_imports)]
    use super::*;
    #[derive(Clone, Debug, PartialEq)]
    pub struct UnknownValue(pub(crate) wkt::internal::UnknownEnumValue);
}

impl AccessReason {
    /// Gets the enum value.
    ///
    /// Returns `None` if the enum contains an unknown value deserialized from
    /// the string representation of enums.
    pub fn value(&self) -> std::option::Option<i32> {
        match self {
            Self::ReasonUnspecified => std::option::Option::Some(0),
            Self::CustomerInitiatedSupport => std::option::Option::Some(1),
            Self::GoogleInitiatedService => std::option::Option::Some(2),
            Self::ThirdPartyDataRequest => std::option::Option::Some(3),
            Self::GoogleInitiatedReview => std::option::Option::Some(4),
            Self::CustomerInitiatedAccess => std::option::Option::Some(5),
            Self::GoogleInitiatedSystemOperation => std::option::Option::Some(6),
            Self::ReasonNotExpected => std::option::Option::Some(7),
            Self::ModifiedCustomerInitiatedAccess => std::option::Option::Some(8),
            Self::ModifiedGoogleInitiatedSystemOperation => std::option::Option::Some(9),
            Self::GoogleResponseToProductionAlert => std::option::Option::Some(10),
            Self::CustomerAuthorizedWorkflowServicing => std::option::Option::Some(11),
            Self::UnknownValue(u) => u.0.value(),
        }
    }

    /// Gets the enum value as a string.
    ///
    /// Returns `None` if the enum contains an unknown value deserialized from
    /// the integer representation of enums.
    pub fn name(&self) -> std::option::Option<&str> {
        match self {
            Self::ReasonUnspecified => std::option::Option::Some("REASON_UNSPECIFIED"),
            Self::CustomerInitiatedSupport => {
                std::option::Option::Some("CUSTOMER_INITIATED_SUPPORT")
            }
            Self::GoogleInitiatedService => std::option::Option::Some("GOOGLE_INITIATED_SERVICE"),
            Self::ThirdPartyDataRequest => std::option::Option::Some("THIRD_PARTY_DATA_REQUEST"),
            Self::GoogleInitiatedReview => std::option::Option::Some("GOOGLE_INITIATED_REVIEW"),
            Self::CustomerInitiatedAccess => std::option::Option::Some("CUSTOMER_INITIATED_ACCESS"),
            Self::GoogleInitiatedSystemOperation => {
                std::option::Option::Some("GOOGLE_INITIATED_SYSTEM_OPERATION")
            }
            Self::ReasonNotExpected => std::option::Option::Some("REASON_NOT_EXPECTED"),
            Self::ModifiedCustomerInitiatedAccess => {
                std::option::Option::Some("MODIFIED_CUSTOMER_INITIATED_ACCESS")
            }
            Self::ModifiedGoogleInitiatedSystemOperation => {
                std::option::Option::Some("MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION")
            }
            Self::GoogleResponseToProductionAlert => {
                std::option::Option::Some("GOOGLE_RESPONSE_TO_PRODUCTION_ALERT")
            }
            Self::CustomerAuthorizedWorkflowServicing => {
                std::option::Option::Some("CUSTOMER_AUTHORIZED_WORKFLOW_SERVICING")
            }
            Self::UnknownValue(u) => u.0.name(),
        }
    }
}

impl std::default::Default for AccessReason {
    fn default() -> Self {
        use std::convert::From;
        Self::from(0)
    }
}

impl std::fmt::Display for AccessReason {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::result::Result<(), std::fmt::Error> {
        wkt::internal::display_enum(f, self.name(), self.value())
    }
}

impl std::convert::From<i32> for AccessReason {
    fn from(value: i32) -> Self {
        match value {
            0 => Self::ReasonUnspecified,
            1 => Self::CustomerInitiatedSupport,
            2 => Self::GoogleInitiatedService,
            3 => Self::ThirdPartyDataRequest,
            4 => Self::GoogleInitiatedReview,
            5 => Self::CustomerInitiatedAccess,
            6 => Self::GoogleInitiatedSystemOperation,
            7 => Self::ReasonNotExpected,
            8 => Self::ModifiedCustomerInitiatedAccess,
            9 => Self::ModifiedGoogleInitiatedSystemOperation,
            10 => Self::GoogleResponseToProductionAlert,
            11 => Self::CustomerAuthorizedWorkflowServicing,
            _ => Self::UnknownValue(access_reason::UnknownValue(
                wkt::internal::UnknownEnumValue::Integer(value),
            )),
        }
    }
}

impl std::convert::From<&str> for AccessReason {
    fn from(value: &str) -> Self {
        use std::string::ToString;
        match value {
            "REASON_UNSPECIFIED" => Self::ReasonUnspecified,
            "CUSTOMER_INITIATED_SUPPORT" => Self::CustomerInitiatedSupport,
            "GOOGLE_INITIATED_SERVICE" => Self::GoogleInitiatedService,
            "THIRD_PARTY_DATA_REQUEST" => Self::ThirdPartyDataRequest,
            "GOOGLE_INITIATED_REVIEW" => Self::GoogleInitiatedReview,
            "CUSTOMER_INITIATED_ACCESS" => Self::CustomerInitiatedAccess,
            "GOOGLE_INITIATED_SYSTEM_OPERATION" => Self::GoogleInitiatedSystemOperation,
            "REASON_NOT_EXPECTED" => Self::ReasonNotExpected,
            "MODIFIED_CUSTOMER_INITIATED_ACCESS" => Self::ModifiedCustomerInitiatedAccess,
            "MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION" => {
                Self::ModifiedGoogleInitiatedSystemOperation
            }
            "GOOGLE_RESPONSE_TO_PRODUCTION_ALERT" => Self::GoogleResponseToProductionAlert,
            "CUSTOMER_AUTHORIZED_WORKFLOW_SERVICING" => Self::CustomerAuthorizedWorkflowServicing,
            _ => Self::UnknownValue(access_reason::UnknownValue(
                wkt::internal::UnknownEnumValue::String(value.to_string()),
            )),
        }
    }
}

impl serde::ser::Serialize for AccessReason {
    fn serialize<S>(&self, serializer: S) -> std::result::Result<S::Ok, S::Error>
    where
        S: serde::Serializer,
    {
        match self {
            Self::ReasonUnspecified => serializer.serialize_i32(0),
            Self::CustomerInitiatedSupport => serializer.serialize_i32(1),
            Self::GoogleInitiatedService => serializer.serialize_i32(2),
            Self::ThirdPartyDataRequest => serializer.serialize_i32(3),
            Self::GoogleInitiatedReview => serializer.serialize_i32(4),
            Self::CustomerInitiatedAccess => serializer.serialize_i32(5),
            Self::GoogleInitiatedSystemOperation => serializer.serialize_i32(6),
            Self::ReasonNotExpected => serializer.serialize_i32(7),
            Self::ModifiedCustomerInitiatedAccess => serializer.serialize_i32(8),
            Self::ModifiedGoogleInitiatedSystemOperation => serializer.serialize_i32(9),
            Self::GoogleResponseToProductionAlert => serializer.serialize_i32(10),
            Self::CustomerAuthorizedWorkflowServicing => serializer.serialize_i32(11),
            Self::UnknownValue(u) => u.0.serialize(serializer),
        }
    }
}

impl<'de> serde::de::Deserialize<'de> for AccessReason {
    fn deserialize<D>(deserializer: D) -> std::result::Result<Self, D::Error>
    where
        D: serde::Deserializer<'de>,
    {
        deserializer.deserialize_any(wkt::internal::EnumVisitor::<AccessReason>::new(
            ".google.cloud.kms.v1.AccessReason",
        ))
    }
}
